Analysis
-
max time kernel
32s -
max time network
47s -
platform
windows10_x64 -
resource
win10-en-20210920 -
submitted
22-10-2021 06:47
General
-
Target
RansomWare.exe
-
Size
158KB
-
MD5
d3c355a11849cbd0d4f3937a79c81c96
-
SHA1
bdc7567d33da81654395d8fefc7500d124d87a31
-
SHA256
8b0d359eb8167b044bf25b943820a3b71e94bc3f0c26d9ba295dee1df014a7c0
-
SHA512
a9091d36341135e74ba7918bc1f1f3960d8d1e049361ccea700662311bdbaa6e8c23a224ca0d640c596d5f8b269839e50104de5e5f96fcfe57ef8523d8a0ce7d
Score
8/10
Malware Config
Signatures
-
Disables Task Manager via registry modification
-
Modifies extensions of user files 3 IoCs
Ransomware generally changes the extension on encrypted files.
-
Drops desktop.ini file(s) 6 IoCs
-
Suspicious behavior: EnumeratesProcesses 14 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\RansomWare.exe"C:\Users\Admin\AppData\Local\Temp\RansomWare.exe"1⤵
- Modifies extensions of user files
- Drops desktop.ini file(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/2156-115-0x0000000000030000-0x0000000000031000-memory.dmpFilesize
4KB
-
memory/2156-117-0x0000000004E60000-0x0000000004E61000-memory.dmpFilesize
4KB
-
memory/2156-118-0x0000000004960000-0x0000000004961000-memory.dmpFilesize
4KB
-
memory/2156-119-0x00000000024C0000-0x00000000024C1000-memory.dmpFilesize
4KB
-
memory/2156-120-0x0000000004A10000-0x0000000004A11000-memory.dmpFilesize
4KB
-
memory/2156-121-0x00000000024C3000-0x00000000024C5000-memory.dmpFilesize
8KB