Analysis
-
max time kernel
146s -
max time network
138s -
platform
windows7_x64 -
resource
win7-en-20211208 -
submitted
16-12-2021 17:49
General
-
Target
tmp/4ee5ff11-ecf7-451f-9845-49006630bc3a_t2.exe
-
Size
27KB
-
MD5
702843f05e3db0afaa615fdd8f262be6
-
SHA1
4c2de1531c7072598d4d399147c8add254421a25
-
SHA256
e63d3be538ff76863ee863299e16a554e83908abaab1b59128b398d898cebcf7
-
SHA512
eefb2c83fbb2a3d2bdfd7eb2309449ded6243c544eb223820e0f0e1f553a46e9fa975fbeb123b3d7bf9ebe5c884f6eee0340b6a7e09f1ea075a7fa7bb4463102
Score
7/10
Malware Config
Signatures
-
Drops startup file 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious use of AdjustPrivilegeToken 35 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\tmp\4ee5ff11-ecf7-451f-9845-49006630bc3a_t2.exe"C:\Users\Admin\AppData\Local\Temp\tmp\4ee5ff11-ecf7-451f-9845-49006630bc3a_t2.exe"1⤵
- Drops startup file
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1880-54-0x0000000075AB1000-0x0000000075AB3000-memory.dmpFilesize
8KB
-
memory/1880-55-0x00000000009A0000-0x00000000009A1000-memory.dmpFilesize
4KB