Analysis
max time kernel: 140s
max time network: 152s
platform: windows10_x64
resource: win10v20210408
submitted: 20-06-2021 23:00
Static task: static1

Behavioral task: behavioral1
Sample: ProstoLauncher (1).exe
Resource: win7v20210410, windows7_x64
0 signatures, 0 seconds

Behavioral task: behavioral2
Sample: ProstoLauncher (1).exe
Resource: win10v20210408, windows10_x64
0 signatures, 0 seconds
General
Target: ProstoLauncher (1).exe
Size: 157KB
MD5: 7410df6db7dd9dfc0c4103efa8d13fc9
SHA1: ea2f19e981509d96ec2c775af8a1d158e79bfca4
SHA256: e1cdac7f4cf342ffde7d1f1fd9ea4788166bc4f9bfe3706ba5ab71af38682f33
SHA512: 841809c71e617f90538893652174960efa67662b5d72d6d33bf131804140a2c57b51be2b25f865d33410cc419715a7d6a597ad1e16b05c85a44a447d9642191a
Score: 8/10
Malware Config
Signatures
- Downloads MZ/PE file
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
- Suspicious use of AdjustPrivilegeToken (1 IoCs)
  Processes: ProstoLauncher (1).exe
  description | pid | process
  Token: SeDebugPrivilege | 604 | ProstoLauncher (1).exe