Analysis
max time kernel
150s
max time network
151s
platform
windows10_x64
resource
win10v20210408
submitted
20-06-2021 23:05
Static task
static1
Behavioral task
behavioral1
Sample
ProstoLauncher.exe
Resource
win7v20210410
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
ProstoLauncher.exe
Resource
win10v20210408
windows10_x64
0 signatures
0 seconds
General
Target
ProstoLauncher.exe
Size
157KB
MD5
7410df6db7dd9dfc0c4103efa8d13fc9
SHA1
ea2f19e981509d96ec2c775af8a1d158e79bfca4
SHA256
e1cdac7f4cf342ffde7d1f1fd9ea4788166bc4f9bfe3706ba5ab71af38682f33
SHA512
841809c71e617f90538893652174960efa67662b5d72d6d33bf131804140a2c57b51be2b25f865d33410cc419715a7d6a597ad1e16b05c85a44a447d9642191a
Score
8/10
Malware Config
Signatures
Downloads MZ/PE file
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
ProstoLauncher.exe
description | pid | process
Token: SeDebugPrivilege | 636 | ProstoLauncher.exe