Analysis
-
max time kernel
117s -
max time network
152s -
platform
windows10_x64 -
resource
win10-en-20210920 -
submitted
26-09-2021 21:00
General
-
Target
7d32bd8f6079723f1e6708caea3574ada8ca835584e8fce37c4bb39577e0c228.exe
-
Size
533KB
-
MD5
7b7cda120245358d574b99ef633e21d1
-
SHA1
c0408474fac7cce71788a600cf45c2439911c85e
-
SHA256
7d32bd8f6079723f1e6708caea3574ada8ca835584e8fce37c4bb39577e0c228
-
SHA512
586c6b74738f69fd690e8b4d9bb02b0e7fddd001e5d9d3922032e0d5ae7d9adb1cb3ce5bfac392086a737232357024c304c50955e65cb199d7a3e2918fede560
Score
6/10
Malware Config
Signatures
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
Processes
-
C:\Users\Admin\AppData\Local\Temp\7d32bd8f6079723f1e6708caea3574ada8ca835584e8fce37c4bb39577e0c228.exe"C:\Users\Admin\AppData\Local\Temp\7d32bd8f6079723f1e6708caea3574ada8ca835584e8fce37c4bb39577e0c228.exe"1⤵
- Checks processor information in registry
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/2392-115-0x00000000022E0000-0x00000000023AF000-memory.dmpFilesize
828KB
-
memory/2392-116-0x0000000000400000-0x000000000050C000-memory.dmpFilesize
1.0MB