2113f8475c90e4bf5a623210e294f71b79b84ea99bef5b342b6b2026edfcb04c | Triage

Analysis

max time kernel
94s
max time network
18s
platform
windows7_x64
resource
win7v20210408
submitted
29/06/2021, 11:03

Sharing

Report Analysis Logs

General

Target

encrypt (1).exe
Size

14.0MB
MD5

0ca5f4c1f5f9548f46fbb1cbdd05aa10
SHA1

80e7629dd39f988c5f498eb37559a5c7c4e78295
SHA256

2113f8475c90e4bf5a623210e294f71b79b84ea99bef5b342b6b2026edfcb04c
SHA512

05ec3b855fb5f2d0233d11342d0ab933fe8d615179daf3e05cb97d8a9a474c1ec5001497ea74a34f961b0e4b63329c8cdcb8272f342f2835334aa3803624efb5

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 52 IoCs

pid	Process
2016	encrypt (1).exe
2016	encrypt (1).exe
2016	encrypt (1).exe
2016	encrypt (1).exe
2016	encrypt (1).exe
2016	encrypt (1).exe
2016	encrypt (1).exe
2016	encrypt (1).exe
2016	encrypt (1).exe
2016	encrypt (1).exe
2016	encrypt (1).exe
2016	encrypt (1).exe
2016	encrypt (1).exe
2016	encrypt (1).exe
2016	encrypt (1).exe
2016	encrypt (1).exe
2016	encrypt (1).exe
2016	encrypt (1).exe
2016	encrypt (1).exe
2016	encrypt (1).exe
2016	encrypt (1).exe
2016	encrypt (1).exe
2016	encrypt (1).exe
2016	encrypt (1).exe
2016	encrypt (1).exe
2016	encrypt (1).exe
2016	encrypt (1).exe
2016	encrypt (1).exe
2016	encrypt (1).exe
2016	encrypt (1).exe
2016	encrypt (1).exe
2016	encrypt (1).exe
2016	encrypt (1).exe
2016	encrypt (1).exe
2016	encrypt (1).exe
2016	encrypt (1).exe
2016	encrypt (1).exe
2016	encrypt (1).exe
2016	encrypt (1).exe
2016	encrypt (1).exe
2016	encrypt (1).exe
2016	encrypt (1).exe
2016	encrypt (1).exe
2016	encrypt (1).exe
2016	encrypt (1).exe
2016	encrypt (1).exe
2016	encrypt (1).exe
2016	encrypt (1).exe
2016	encrypt (1).exe
2016	encrypt (1).exe
2016	encrypt (1).exe
2016	encrypt (1).exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2016	encrypt (1).exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 980 wrote to memory of 2016	980	encrypt (1).exe	26
PID 980 wrote to memory of 2016	980	encrypt (1).exe	26
PID 980 wrote to memory of 2016	980	encrypt (1).exe	26
PID 980 wrote to memory of 2016	980	encrypt (1).exe	26

C:\Users\Admin\AppData\Local\Temp\encrypt (1).exe
"C:\Users\Admin\AppData\Local\Temp\encrypt (1).exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:980
- C:\Users\Admin\AppData\Local\Temp\encrypt (1).exe
  "C:\Users\Admin\AppData\Local\Temp\encrypt (1).exe"
  2⤵
  - Loads dropped DLL
  - Suspicious use of AdjustPrivilegeToken
  PID:2016

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2016-125-0x00000000488C0000-0x00000000488D3000-memory.dmp

Filesize
76KB

Download