Overview

overview

10

Static

static

10

fd945e2cc6...le.exe

windows7_x64

10

fd945e2cc6...le.exe

windows10_x64

10

Resubmissions

03-08-2021 07:41

210803-qwfhgtkjv6 10

26-07-2021 12:41

210726-dxe6lafqxn 10

Analysis

  • max time kernel
    19s
  • max time network
    119s
  • platform
    windows10_x64
  • resource
    win10v20210408
  • submitted
    03-08-2021 07:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    fd945e2cc6d1b3a453135d5df04eeccbfd16f76e0744dd27b99e0eccaa9053bd.sample.exe

  • Size

    207KB

  • MD5

    900c456cbcd61ed2bf91378112e93eb0

  • SHA1

    c227ca088a4f80729b83396cafa0152d9778254e

  • SHA256

    fd945e2cc6d1b3a453135d5df04eeccbfd16f76e0744dd27b99e0eccaa9053bd

  • SHA512

    e9e71efbe7e70ece0d5022c401d6cb8c808237946b6a30fcfe18d8d43ea93460c04977015daf05a7baa5a9f1467c5ffdcf499a52706c27a0055529a3f38f0ba7

Score
10/10
hiddentearransomwaresuricata

Malware Config

Signatures

  • HiddenTear Ransomware

    Open-Source ransomware available on Github since 2015, with many versions in the wild.

    ransomwarehiddentear
  • suricata: ET MALWARE Observed Reimageplus Ransomware Domain in TLS SNI
    suricata
  • suricata: ET MALWARE Reimageplus Ransomware Checkin
    suricata
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\fd945e2cc6d1b3a453135d5df04eeccbfd16f76e0744dd27b99e0eccaa9053bd.sample.exe
    "C:\Users\Admin\AppData\Local\Temp\fd945e2cc6d1b3a453135d5df04eeccbfd16f76e0744dd27b99e0eccaa9053bd.sample.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:632

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/632-114-0x0000000000920000-0x0000000000921000-memory.dmp

    Filesize

    4KB

    Download

  • memory/632-116-0x00000000056B0000-0x00000000056B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/632-117-0x0000000005250000-0x0000000005251000-memory.dmp

    Filesize

    4KB

    Download

  • memory/632-118-0x00000000051B0000-0x00000000056AE000-memory.dmp

    Filesize

    5.0MB

    Download

  • memory/632-119-0x0000000005170000-0x0000000005171000-memory.dmp

    Filesize

    4KB

    Download