Analysis
- max time kernel: 119s
- max time network: 122s
- platform: windows10_x64
- resource: win10-en-20210920
- submitted: 26-09-2021 19:45
Static task
static1
Behavioral task
behavioral1
Sample
23e3a945fefaec97607d69278a7317cab71cf0a61fd79bbd45462a69ffcc90c0.exe
Resource
win10-en-20210920
0 signatures
0 seconds
General
- Target: 23e3a945fefaec97607d69278a7317cab71cf0a61fd79bbd45462a69ffcc90c0.exe
- Size: 532KB
- MD5: b9e2e61bebc6f956829970d8a8d13462
- SHA1: f504a99774d503c2ea89a75ae78bf910ef8e1d57
- SHA256: 23e3a945fefaec97607d69278a7317cab71cf0a61fd79bbd45462a69ffcc90c0
- SHA512: 9832d381acde4cb46adee7169f07d08c1a7d7afd5f8aed2aebdedf68ba2dceb997c923631dd6bbd28f484856e31671df4389858592b680160eaccbb0358486a2
Score
6/10
Malware Config
Signatures
- Legitimate hosting services abused for malware hosting/C2 (1 TTPs)
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
- Checks processor information in registry (2 TTPs, 2 IoCs)
  Processor information is often read in order to detect sandboxing environments.
  Processes: 23e3a945fefaec97607d69278a7317cab71cf0a61fd79bbd45462a69ffcc90c0.exe
  description / ioc / process:
  Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 (process: 23e3a945fefaec97607d69278a7317cab71cf0a61fd79bbd45462a69ffcc90c0.exe)
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString (process: 23e3a945fefaec97607d69278a7317cab71cf0a61fd79bbd45462a69ffcc90c0.exe)