Analysis
-
max time kernel
153s -
max time network
153s -
platform
windows10_x64 -
resource
win10v20210408 -
submitted
05-09-2021 14:14
General
-
Target
UW.exe
-
Size
181KB
-
MD5
895ec58af5ab00e5cf169d7277254c0e
-
SHA1
9dbe8246c6e7873b56fa68683839f1e1d4c04d15
-
SHA256
8d5b7810bddd8bec2381134833ac1ce03d753cabe26436b96cba35cd3b3d10c7
-
SHA512
4813c0a9ada6d0814cc9f19aeadfef02f11cc233fc8184fec54a54fc1c3c4bbf70bd259e907b0ab97296241d28a7cd1506ba408b656a0419990e5cb554fd3f6e
Score
7/10
Malware Config
Signatures
-
Drops startup file 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious use of AdjustPrivilegeToken 35 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\UW.exe"C:\Users\Admin\AppData\Local\Temp\UW.exe"1⤵
- Drops startup file
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/4648-114-0x00000000001C0000-0x00000000001C1000-memory.dmpFilesize
4KB
-
memory/4648-116-0x0000000004B20000-0x0000000004B21000-memory.dmpFilesize
4KB
-
memory/4648-117-0x0000000005950000-0x0000000005951000-memory.dmpFilesize
4KB
-
memory/4648-118-0x0000000005440000-0x0000000005441000-memory.dmpFilesize
4KB
-
memory/4648-119-0x0000000005450000-0x0000000005451000-memory.dmpFilesize
4KB
-
memory/4648-120-0x0000000005400000-0x0000000005401000-memory.dmpFilesize
4KB