Analysis
-
max time kernel
136s -
max time network
147s -
platform
windows7_x64 -
resource
win7v20210410 -
submitted
31-08-2021 19:14
Behavioral task
behavioral1
Sample
1c85f500e9ca0788bfd183ad5c8a5a8dafe9dd89e76ed7cef7e025f942cd8df4.exe
Resource
win7v20210410
windows7_x64
0 signatures
0 seconds
General
-
Target
1c85f500e9ca0788bfd183ad5c8a5a8dafe9dd89e76ed7cef7e025f942cd8df4.exe
-
Size
668KB
-
MD5
a2e0b62fb8b7aa36c51ac1c87e90965f
-
SHA1
77a671bc6f1bf7fb1891f2c0c70bf49b12c7ee1e
-
SHA256
1c85f500e9ca0788bfd183ad5c8a5a8dafe9dd89e76ed7cef7e025f942cd8df4
-
SHA512
4b9bd5b5f8008f55b609c2cd547e316f18d035b273ffe39e390053ccb8938f7f702c08d20d1c8105dc31930b396138fe75a362838ea052bc0bd1990515332eb3
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious use of AdjustPrivilegeToken 23 IoCs
Processes:
1c85f500e9ca0788bfd183ad5c8a5a8dafe9dd89e76ed7cef7e025f942cd8df4.exedescription pid process Token: SeIncreaseQuotaPrivilege 368 1c85f500e9ca0788bfd183ad5c8a5a8dafe9dd89e76ed7cef7e025f942cd8df4.exe Token: SeSecurityPrivilege 368 1c85f500e9ca0788bfd183ad5c8a5a8dafe9dd89e76ed7cef7e025f942cd8df4.exe Token: SeTakeOwnershipPrivilege 368 1c85f500e9ca0788bfd183ad5c8a5a8dafe9dd89e76ed7cef7e025f942cd8df4.exe Token: SeLoadDriverPrivilege 368 1c85f500e9ca0788bfd183ad5c8a5a8dafe9dd89e76ed7cef7e025f942cd8df4.exe Token: SeSystemProfilePrivilege 368 1c85f500e9ca0788bfd183ad5c8a5a8dafe9dd89e76ed7cef7e025f942cd8df4.exe Token: SeSystemtimePrivilege 368 1c85f500e9ca0788bfd183ad5c8a5a8dafe9dd89e76ed7cef7e025f942cd8df4.exe Token: SeProfSingleProcessPrivilege 368 1c85f500e9ca0788bfd183ad5c8a5a8dafe9dd89e76ed7cef7e025f942cd8df4.exe Token: SeIncBasePriorityPrivilege 368 1c85f500e9ca0788bfd183ad5c8a5a8dafe9dd89e76ed7cef7e025f942cd8df4.exe Token: SeCreatePagefilePrivilege 368 1c85f500e9ca0788bfd183ad5c8a5a8dafe9dd89e76ed7cef7e025f942cd8df4.exe Token: SeBackupPrivilege 368 1c85f500e9ca0788bfd183ad5c8a5a8dafe9dd89e76ed7cef7e025f942cd8df4.exe Token: SeRestorePrivilege 368 1c85f500e9ca0788bfd183ad5c8a5a8dafe9dd89e76ed7cef7e025f942cd8df4.exe Token: SeShutdownPrivilege 368 1c85f500e9ca0788bfd183ad5c8a5a8dafe9dd89e76ed7cef7e025f942cd8df4.exe Token: SeDebugPrivilege 368 1c85f500e9ca0788bfd183ad5c8a5a8dafe9dd89e76ed7cef7e025f942cd8df4.exe Token: SeSystemEnvironmentPrivilege 368 1c85f500e9ca0788bfd183ad5c8a5a8dafe9dd89e76ed7cef7e025f942cd8df4.exe Token: SeChangeNotifyPrivilege 368 1c85f500e9ca0788bfd183ad5c8a5a8dafe9dd89e76ed7cef7e025f942cd8df4.exe Token: SeRemoteShutdownPrivilege 368 1c85f500e9ca0788bfd183ad5c8a5a8dafe9dd89e76ed7cef7e025f942cd8df4.exe Token: SeUndockPrivilege 368 1c85f500e9ca0788bfd183ad5c8a5a8dafe9dd89e76ed7cef7e025f942cd8df4.exe Token: SeManageVolumePrivilege 368 1c85f500e9ca0788bfd183ad5c8a5a8dafe9dd89e76ed7cef7e025f942cd8df4.exe Token: SeImpersonatePrivilege 368 1c85f500e9ca0788bfd183ad5c8a5a8dafe9dd89e76ed7cef7e025f942cd8df4.exe Token: SeCreateGlobalPrivilege 368 1c85f500e9ca0788bfd183ad5c8a5a8dafe9dd89e76ed7cef7e025f942cd8df4.exe Token: 33 368 1c85f500e9ca0788bfd183ad5c8a5a8dafe9dd89e76ed7cef7e025f942cd8df4.exe Token: 34 368 1c85f500e9ca0788bfd183ad5c8a5a8dafe9dd89e76ed7cef7e025f942cd8df4.exe Token: 35 368 1c85f500e9ca0788bfd183ad5c8a5a8dafe9dd89e76ed7cef7e025f942cd8df4.exe -
Suspicious use of SetWindowsHookEx 1 IoCs
Processes:
1c85f500e9ca0788bfd183ad5c8a5a8dafe9dd89e76ed7cef7e025f942cd8df4.exepid process 368 1c85f500e9ca0788bfd183ad5c8a5a8dafe9dd89e76ed7cef7e025f942cd8df4.exe