Overview

overview

10

Static

static

Priyte's A...++.exe

windows7_x64

10

Priyte's A...++.exe

windows10_x64

10

Resubmissions

12/11/2021, 06:19

211112-g3lmcahgfn 10

12/11/2021, 06:05

211112-gtfpqscgb4 10

Analysis

  • max time kernel
    308s
  • max time network
    360s
  • platform
    windows10_x64
  • resource
    win10-en-20211104
  • submitted
    12/11/2021, 06:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Priyte's Adventure C++.exe

  • Size

    304KB

  • MD5

    2a37da5634b1e4b188fc5ef86704e41b

  • SHA1

    540ef0e5a197322a29bbf91f41c6abecdd2a4e35

  • SHA256

    df9aff8d1a7003c662d20b7ec05d489b7dbd02ebc3034ac61081b5c819791d81

  • SHA512

    2fe2ca833e71e7b3ed6ad022d8945db72803483b0358c5f165c775bbe1a7896fe791f296b404b1482ad6bff888ab9ee230bb7c3ef45373687614703f496d2d14

Score
10/10
evasionpersistenceransomwaretrojan

Malware Config

Signatures

  • UAC bypass 3 TTPs
    evasiontrojan
  • Disables Task Manager via registry modification
    evasion
  • Modifies extensions of user files 2 IoCs

    Ransomware generally changes the extension on encrypted files.

    ransomware
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 2 IoCs
    evasiontrojan
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • System policy modification 1 TTPs 2 IoCs
    evasion

Processes

  • C:\Users\Admin\AppData\Local\Temp\Priyte's Adventure C++.exe
    "C:\Users\Admin\AppData\Local\Temp\Priyte's Adventure C++.exe"
    1⤵
    • Modifies extensions of user files
    • Adds Run key to start application
    • Checks whether UAC is enabled
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • System policy modification
    PID:3996
  • C:\Windows\system32\vssvc.exe
    C:\Windows\system32\vssvc.exe
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:4484
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
      PID:1236

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/3996-118-0x0000000000C20000-0x0000000000C21000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3996-120-0x0000000005630000-0x0000000005631000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3996-121-0x0000000005580000-0x0000000005581000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3996-122-0x0000000005E40000-0x0000000005E41000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3996-123-0x00000000059F0000-0x00000000059F1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3996-124-0x00000000059C0000-0x00000000059C1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3996-125-0x0000000005633000-0x0000000005635000-memory.dmp

      Filesize

      8KB

      Download