Analysis
-
max time kernel
150s -
max time network
151s -
platform
windows10_x64 -
resource
win10-en-20210920 -
submitted
03-10-2021 11:01
Behavioral task
behavioral1
Sample
rat.bin.exe
Resource
win7v20210408
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
rat.bin.exe
Resource
win10-en-20210920
windows10_x64
0 signatures
0 seconds
General
-
Target
rat.bin.exe
-
Size
27KB
-
MD5
2e8e794f86f1a051f7e7148e4f88d51b
-
SHA1
aac7a18fc94151ad70ee9bb578042175f2655ddc
-
SHA256
7f3d7000a3459101aa4a5deda1d5732c9a3e02a663e5a56964623ceefa2b491e
-
SHA512
697f484f9c32d8dfe94f62dd184369c980277722f19e5a7dddd2145e7aca291f3546416b98f92d1dc7359abc6d835380f68a9fffa1b55f3725e4b765bfeb5a20
Score
7/10
Malware Config
Signatures
-
Drops startup file 1 IoCs
Processes:
rat.bin.exedescription ioc process File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows.lnk rat.bin.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious use of AdjustPrivilegeToken 35 IoCs
Processes:
rat.bin.exedescription pid process Token: SeDebugPrivilege 3572 rat.bin.exe Token: 33 3572 rat.bin.exe Token: SeIncBasePriorityPrivilege 3572 rat.bin.exe Token: 33 3572 rat.bin.exe Token: SeIncBasePriorityPrivilege 3572 rat.bin.exe Token: 33 3572 rat.bin.exe Token: SeIncBasePriorityPrivilege 3572 rat.bin.exe Token: 33 3572 rat.bin.exe Token: SeIncBasePriorityPrivilege 3572 rat.bin.exe Token: 33 3572 rat.bin.exe Token: SeIncBasePriorityPrivilege 3572 rat.bin.exe Token: 33 3572 rat.bin.exe Token: SeIncBasePriorityPrivilege 3572 rat.bin.exe Token: 33 3572 rat.bin.exe Token: SeIncBasePriorityPrivilege 3572 rat.bin.exe Token: 33 3572 rat.bin.exe Token: SeIncBasePriorityPrivilege 3572 rat.bin.exe Token: 33 3572 rat.bin.exe Token: SeIncBasePriorityPrivilege 3572 rat.bin.exe Token: 33 3572 rat.bin.exe Token: SeIncBasePriorityPrivilege 3572 rat.bin.exe Token: 33 3572 rat.bin.exe Token: SeIncBasePriorityPrivilege 3572 rat.bin.exe Token: 33 3572 rat.bin.exe Token: SeIncBasePriorityPrivilege 3572 rat.bin.exe Token: 33 3572 rat.bin.exe Token: SeIncBasePriorityPrivilege 3572 rat.bin.exe Token: 33 3572 rat.bin.exe Token: SeIncBasePriorityPrivilege 3572 rat.bin.exe Token: 33 3572 rat.bin.exe Token: SeIncBasePriorityPrivilege 3572 rat.bin.exe Token: 33 3572 rat.bin.exe Token: SeIncBasePriorityPrivilege 3572 rat.bin.exe Token: 33 3572 rat.bin.exe Token: SeIncBasePriorityPrivilege 3572 rat.bin.exe
Processes
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/3572-115-0x0000000001830000-0x0000000001831000-memory.dmpFilesize
4KB