Analysis
max time kernel: 4s
max time network: 39s
platform: windows7_x64
resource: win7v20210410
submitted: 01-09-2021 01:34
Static task: static1
Behavioral task: behavioral1
Sample: NKP09741234.exe
Resource: win7v20210410 windows7_x64
0 signatures
0 seconds
Behavioral task: behavioral2
Sample: NKP09741234.exe
Resource: win10v20210408 windows10_x64
0 signatures
0 seconds
General
Target: NKP09741234.exe
Size: 637KB
MD5: 2865d38cb94c66a3a61f24582733bf05
SHA1: 3449cb1b31c3553212b1fdb57e80e7e23225f424
SHA256: 4a1274e4fd1d26d5449fa4516ed5e8b79367d9bae501174ac04ee146345e5043
SHA512: 9d88df252bb52ad486788ddf6c3acfc7326236364ba96314e4fde0c08bcf99a8e395906ec0bbb4483b576145903e3243d7e104f14ccdb567af101e7c74c3c20b
Score: 3/10
Malware Config
Signatures
Enumerates physical storage devices (1 TTPs)
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
Suspicious behavior: MapViewOfSection (1 IoCs)
pid   Process
1660  NKP09741234.exe
Suspicious use of WriteProcessMemory (5 IoCs)
description                       pid   Process          procid_target
PID 1660 wrote to memory of 2036  1660  NKP09741234.exe  26
PID 1660 wrote to memory of 2036  1660  NKP09741234.exe  26
PID 1660 wrote to memory of 2036  1660  NKP09741234.exe  26
PID 1660 wrote to memory of 2036  1660  NKP09741234.exe  26
PID 1660 wrote to memory of 2036  1660  NKP09741234.exe  26
Processes
C:\Users\Admin\AppData\Local\Temp\NKP09741234.exe "C:\Users\Admin\AppData\Local\Temp\NKP09741234.exe" 1⤵
- Suspicious behavior: MapViewOfSection
- Suspicious use of WriteProcessMemory
PID: 1660
C:\Users\Admin\AppData\Local\Temp\NKP09741234.exe "C:\Users\Admin\AppData\Local\Temp\NKP09741234.exe" 2⤵
PID: 2036