Overview

overview

3

Static

static

1

Компл...df.exe

windows7_x64

3

Компл...df.exe

windows10_x64

3

Analysis

  • max time kernel
    77s
  • max time network
    44s
  • platform
    windows7_x64
  • resource
    win7v20210408
  • submitted
    26-09-2021 20:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Комплект документов по запросу от 20.08.2021 БН.pdf.exe

  • Size

    1.7MB

  • MD5

    7495d4b8448734d54e24c87a461fb8cd

  • SHA1

    9aa95d81d4306ab186c935aae358e6084a5286d5

  • SHA256

    258b364ab27f67fe67b70169cbf89998ad2bcf6e348d05e9426c40463f4e65e9

  • SHA512

    d30c4526199cbc30f00cd1f59851b1a51974c9b16a36da1a2b6eb2edfba79028052cc997a095d8e0e1225f2a2fdb32a7e2db62a330c1ca07a6eca4395363ed91

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious behavior: EnumeratesProcesses 18 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 45 IoCs
  • Suspicious use of SendNotifyMessage 44 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Комплект документов по запросу от 20.08.2021 БН.pdf.exe
    "C:\Users\Admin\AppData\Local\Temp\Комплект документов по запросу от 20.08.2021 БН.pdf.exe"
    1⤵
      PID:1120
    • C:\Windows\explorer.exe
      "C:\Windows\explorer.exe"
      1⤵
        PID:472
      • C:\Windows\system32\taskmgr.exe
        "C:\Windows\system32\taskmgr.exe" /4
        1⤵
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        PID:1928

      Network

      MITRE ATT&CK Matrix ATT&CK v6

      Initial Access

      Execution

      Persistence

      Privilege Escalation

      Defense Evasion

      Credential Access

      Discovery

      System Information Discovery

      1
      T1082

      Lateral Movement

      Collection

      Exfiltration

      Command and Control

      Impact

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/472-61-0x000007FEFB681000-0x000007FEFB683000-memory.dmp
        Filesize

        8KB

        Download
      • memory/1120-60-0x0000000074D91000-0x0000000074D93000-memory.dmp
        Filesize

        8KB

        Download