e1cdac7f4cf342ffde7d1f1fd9ea4788166bc4f9bfe3706ba5ab71af38682f33 | Triage

Analysis

max time kernel
150s
max time network
151s
platform
windows10_x64
resource
win10v20210408
submitted
20-06-2021 23:05

Sharing

Report Analysis Logs

General

Target

ProstoLauncher.exe
Size

157KB
MD5

7410df6db7dd9dfc0c4103efa8d13fc9
SHA1

ea2f19e981509d96ec2c775af8a1d158e79bfca4
SHA256

e1cdac7f4cf342ffde7d1f1fd9ea4788166bc4f9bfe3706ba5ab71af38682f33
SHA512

841809c71e617f90538893652174960efa67662b5d72d6d33bf131804140a2c57b51be2b25f865d33410cc419715a7d6a597ad1e16b05c85a44a447d9642191a

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

ProstoLauncher.exe

description pid process

Token: SeDebugPrivilege 636 ProstoLauncher.exe

C:\Users\Admin\AppData\Local\Temp\ProstoLauncher.exe
"C:\Users\Admin\AppData\Local\Temp\ProstoLauncher.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:636

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/636-114-0x0000000000E10000-0x0000000000E12000-memory.dmp

Filesize
8KB

Download
memory/636-115-0x0000000000E14000-0x0000000000E15000-memory.dmp

Filesize
4KB

Download