Analysis
-
max time kernel
19s -
max time network
119s -
platform
windows10_x64 -
resource
win10v20210408 -
submitted
03-08-2021 07:41
General
-
Target
fd945e2cc6d1b3a453135d5df04eeccbfd16f76e0744dd27b99e0eccaa9053bd.sample.exe
-
Size
207KB
-
MD5
900c456cbcd61ed2bf91378112e93eb0
-
SHA1
c227ca088a4f80729b83396cafa0152d9778254e
-
SHA256
fd945e2cc6d1b3a453135d5df04eeccbfd16f76e0744dd27b99e0eccaa9053bd
-
SHA512
e9e71efbe7e70ece0d5022c401d6cb8c808237946b6a30fcfe18d8d43ea93460c04977015daf05a7baa5a9f1467c5ffdcf499a52706c27a0055529a3f38f0ba7
Score
10/10
Malware Config
Signatures
-
HiddenTear Ransomware
Open-Source ransomware available on Github since 2015, with many versions in the wild.
-
suricata: ET MALWARE Observed Reimageplus Ransomware Domain in TLS SNI
-
suricata: ET MALWARE Reimageplus Ransomware Checkin
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\fd945e2cc6d1b3a453135d5df04eeccbfd16f76e0744dd27b99e0eccaa9053bd.sample.exe"C:\Users\Admin\AppData\Local\Temp\fd945e2cc6d1b3a453135d5df04eeccbfd16f76e0744dd27b99e0eccaa9053bd.sample.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/632-114-0x0000000000920000-0x0000000000921000-memory.dmpFilesize
4KB
-
memory/632-116-0x00000000056B0000-0x00000000056B1000-memory.dmpFilesize
4KB
-
memory/632-117-0x0000000005250000-0x0000000005251000-memory.dmpFilesize
4KB
-
memory/632-118-0x00000000051B0000-0x00000000056AE000-memory.dmpFilesize
5.0MB
-
memory/632-119-0x0000000005170000-0x0000000005171000-memory.dmpFilesize
4KB