Analysis
max time kernel: 117s
max time network: 152s
platform: windows10_x64
resource: win10-en-20210920
submitted: 26-09-2021 21:00
Static task
static1
Behavioral task
behavioral1
Sample
7d32bd8f6079723f1e6708caea3574ada8ca835584e8fce37c4bb39577e0c228.exe
Resource
win10-en-20210920
windows10_x64
0 signatures
0 seconds
General
Target: 7d32bd8f6079723f1e6708caea3574ada8ca835584e8fce37c4bb39577e0c228.exe
Size: 533KB
MD5: 7b7cda120245358d574b99ef633e21d1
SHA1: c0408474fac7cce71788a600cf45c2439911c85e
SHA256: 7d32bd8f6079723f1e6708caea3574ada8ca835584e8fce37c4bb39577e0c228
SHA512: 586c6b74738f69fd690e8b4d9bb02b0e7fddd001e5d9d3922032e0d5ae7d9adb1cb3ce5bfac392086a737232357024c304c50955e65cb199d7a3e2918fede560
Score
6/10
Malware Config
Signatures

Legitimate hosting services abused for malware hosting/C2 (1 TTPs)

Enumerates physical storage devices (1 TTPs)
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

Checks processor information in registry (2 TTPs, 2 IoCs)
Processor information is often read in order to detect sandboxing environments.
Processes:
7d32bd8f6079723f1e6708caea3574ada8ca835584e8fce37c4bb39577e0c228.exe
description | ioc | process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | 7d32bd8f6079723f1e6708caea3574ada8ca835584e8fce37c4bb39577e0c228.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | 7d32bd8f6079723f1e6708caea3574ada8ca835584e8fce37c4bb39577e0c228.exe