Overview

overview

3

Static

static

Hauptwerk....NG.exe

windows7_x64

3

Hauptwerk....NG.exe

windows10_x64

3

Resubmissions

25-06-2021 20:06

210625-3q2p1fblje 3

25-06-2021 20:05

210625-kz2cs7727s 1

25-06-2021 19:06

210625-z1nvg65y7x 3

25-06-2021 01:02

210625-9b1pbtwpe2 10

Analysis

  • max time kernel
    16s
  • max time network
    14s
  • platform
    windows7_x64
  • resource
    win7v20210410
  • submitted
    25-06-2021 20:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Hauptwerk.4.2.1.3.serial.number.keygen.by.ViKiNG.exe

  • Size

    5.9MB

  • MD5

    180bab993b44225ee2d9c3e5ec4026d9

  • SHA1

    22ef56516424f3b7ab61d33debd89e88e18fec31

  • SHA256

    7b7881920337294d9d9b464fdfd182b2c522bf4596dce1b65ba2a2ce7d5edc38

  • SHA512

    e1632ffcc388a66b1f5c560e772117b5697ad9f1de3c1d32f7743dfe23fb3471b9b53d78520ab4a72ad9d1decf06569520c960a160585f4e3586a0e83aff22fe

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Hauptwerk.4.2.1.3.serial.number.keygen.by.ViKiNG.exe
    "C:\Users\Admin\AppData\Local\Temp\Hauptwerk.4.2.1.3.serial.number.keygen.by.ViKiNG.exe"
    1⤵
    • Suspicious behavior: GetForegroundWindowSpam
    PID:1072

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1072-60-0x0000000075411000-0x0000000075413000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1072-61-0x00000000744C1000-0x00000000744C3000-memory.dmp

    Filesize

    8KB

    Download