Analysis
-
max time kernel
81s -
max time network
152s -
platform
windows10_x64 -
resource
win10v20210408 -
submitted
26-09-2021 13:15
General
-
Target
00ddfe1d82a00a50be60c855670fde83ad55845eaefd8279140f9da4fb0b6caf.exe
-
Size
543KB
-
MD5
35b545853079cb4a13e209267638bc65
-
SHA1
e88495cd0dfb917f26dc3e1f7d2c3b8fa34680ad
-
SHA256
00ddfe1d82a00a50be60c855670fde83ad55845eaefd8279140f9da4fb0b6caf
-
SHA512
de7791c1b86db866cd50e412f3c69f6d90e9802450477f3abf05b238fb25a506ffd88ef8318156ec350dca7a9b15c09de018c51c2cd7fdbfeb72040f295eaa64
Score
10/10
Malware Config
Signatures
-
suricata: ET MALWARE AutoHotkey Downloader Checkin via IPLogger
suricata: ET MALWARE AutoHotkey Downloader Checkin via IPLogger
-
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
Processes
-
C:\Users\Admin\AppData\Local\Temp\00ddfe1d82a00a50be60c855670fde83ad55845eaefd8279140f9da4fb0b6caf.exe"C:\Users\Admin\AppData\Local\Temp\00ddfe1d82a00a50be60c855670fde83ad55845eaefd8279140f9da4fb0b6caf.exe"1⤵
- Checks processor information in registry
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/636-115-0x0000000000400000-0x000000000050F000-memory.dmpFilesize
1.1MB
-
memory/636-114-0x00000000022B0000-0x000000000237F000-memory.dmpFilesize
828KB