Analysis
-
max time kernel
153s -
max time network
153s -
platform
windows10_x64 -
resource
win10v20210408 -
submitted
05-09-2021 14:14
Behavioral task
behavioral1
Sample
UW.exe
Resource
win7-en
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
UW.exe
Resource
win10v20210408
0 signatures
0 seconds
General
-
Target
UW.exe
-
Size
181KB
-
MD5
895ec58af5ab00e5cf169d7277254c0e
-
SHA1
9dbe8246c6e7873b56fa68683839f1e1d4c04d15
-
SHA256
8d5b7810bddd8bec2381134833ac1ce03d753cabe26436b96cba35cd3b3d10c7
-
SHA512
4813c0a9ada6d0814cc9f19aeadfef02f11cc233fc8184fec54a54fc1c3c4bbf70bd259e907b0ab97296241d28a7cd1506ba408b656a0419990e5cb554fd3f6e
Score
7/10
Malware Config
Signatures
-
Drops startup file 1 IoCs
Processes:
UW.exedescription ioc process File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows.lnk UW.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious use of AdjustPrivilegeToken 35 IoCs
Processes:
UW.exedescription pid process Token: SeDebugPrivilege 4648 UW.exe Token: 33 4648 UW.exe Token: SeIncBasePriorityPrivilege 4648 UW.exe Token: 33 4648 UW.exe Token: SeIncBasePriorityPrivilege 4648 UW.exe Token: 33 4648 UW.exe Token: SeIncBasePriorityPrivilege 4648 UW.exe Token: 33 4648 UW.exe Token: SeIncBasePriorityPrivilege 4648 UW.exe Token: 33 4648 UW.exe Token: SeIncBasePriorityPrivilege 4648 UW.exe Token: 33 4648 UW.exe Token: SeIncBasePriorityPrivilege 4648 UW.exe Token: 33 4648 UW.exe Token: SeIncBasePriorityPrivilege 4648 UW.exe Token: 33 4648 UW.exe Token: SeIncBasePriorityPrivilege 4648 UW.exe Token: 33 4648 UW.exe Token: SeIncBasePriorityPrivilege 4648 UW.exe Token: 33 4648 UW.exe Token: SeIncBasePriorityPrivilege 4648 UW.exe Token: 33 4648 UW.exe Token: SeIncBasePriorityPrivilege 4648 UW.exe Token: 33 4648 UW.exe Token: SeIncBasePriorityPrivilege 4648 UW.exe Token: 33 4648 UW.exe Token: SeIncBasePriorityPrivilege 4648 UW.exe Token: 33 4648 UW.exe Token: SeIncBasePriorityPrivilege 4648 UW.exe Token: 33 4648 UW.exe Token: SeIncBasePriorityPrivilege 4648 UW.exe Token: 33 4648 UW.exe Token: SeIncBasePriorityPrivilege 4648 UW.exe Token: 33 4648 UW.exe Token: SeIncBasePriorityPrivilege 4648 UW.exe
Processes
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/4648-114-0x00000000001C0000-0x00000000001C1000-memory.dmpFilesize
4KB
-
memory/4648-116-0x0000000004B20000-0x0000000004B21000-memory.dmpFilesize
4KB
-
memory/4648-117-0x0000000005950000-0x0000000005951000-memory.dmpFilesize
4KB
-
memory/4648-118-0x0000000005440000-0x0000000005441000-memory.dmpFilesize
4KB
-
memory/4648-119-0x0000000005450000-0x0000000005451000-memory.dmpFilesize
4KB
-
memory/4648-120-0x0000000005400000-0x0000000005401000-memory.dmpFilesize
4KB