Analysis
  max time kernel:   146s
  max time network:  138s
  platform:          windows7_x64
  resource:          win7-en-20211208
  submitted:         16-12-2021 17:49

Behavioral task: behavioral1
  Sample:    tmp/4ee5ff11-ecf7-451f-9845-49006630bc3a_t2.exe
  Resource:  win7-en-20211208 (windows7_x64)
  0 signatures, 0 seconds

Behavioral task: behavioral2
  Sample:    tmp/4ee5ff11-ecf7-451f-9845-49006630bc3a_t2.exe
  Resource:  win10-en-20211208 (windows10_x64)
  0 signatures, 0 seconds
General
  Target:  tmp/4ee5ff11-ecf7-451f-9845-49006630bc3a_t2.exe
  Size:    27KB
  MD5:     702843f05e3db0afaa615fdd8f262be6
  SHA1:    4c2de1531c7072598d4d399147c8add254421a25
  SHA256:  e63d3be538ff76863ee863299e16a554e83908abaab1b59128b398d898cebcf7
  SHA512:  eefb2c83fbb2a3d2bdfd7eb2309449ded6243c544eb223820e0f0e1f553a46e9fa975fbeb123b3d7bf9ebe5c884f6eee0340b6a7e09f1ea075a7fa7bb4463102
  Score:   7/10
Malware Config

Signatures

  Drops startup file (1 IoCs)
    Processes:
      description   ioc                                                                                  process
      File created  C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows.lnk  4ee5ff11-ecf7-451f-9845-49006630bc3a_t2.exe

  Enumerates physical storage devices (1 TTPs)
    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  Suspicious use of AdjustPrivilegeToken (35 IoCs)
    Processes:
      description                        pid   process
      Token: SeDebugPrivilege            1880  4ee5ff11-ecf7-451f-9845-49006630bc3a_t2.exe
      Token: 33                          1880  4ee5ff11-ecf7-451f-9845-49006630bc3a_t2.exe
      Token: SeIncBasePriorityPrivilege  1880  4ee5ff11-ecf7-451f-9845-49006630bc3a_t2.exe
      Token: 33                          1880  4ee5ff11-ecf7-451f-9845-49006630bc3a_t2.exe
      Token: SeIncBasePriorityPrivilege  1880  4ee5ff11-ecf7-451f-9845-49006630bc3a_t2.exe
      Token: 33                          1880  4ee5ff11-ecf7-451f-9845-49006630bc3a_t2.exe
      Token: SeIncBasePriorityPrivilege  1880  4ee5ff11-ecf7-451f-9845-49006630bc3a_t2.exe
      Token: 33                          1880  4ee5ff11-ecf7-451f-9845-49006630bc3a_t2.exe
      Token: SeIncBasePriorityPrivilege  1880  4ee5ff11-ecf7-451f-9845-49006630bc3a_t2.exe
      Token: 33                          1880  4ee5ff11-ecf7-451f-9845-49006630bc3a_t2.exe
      Token: SeIncBasePriorityPrivilege  1880  4ee5ff11-ecf7-451f-9845-49006630bc3a_t2.exe
      Token: 33                          1880  4ee5ff11-ecf7-451f-9845-49006630bc3a_t2.exe
      Token: SeIncBasePriorityPrivilege  1880  4ee5ff11-ecf7-451f-9845-49006630bc3a_t2.exe
      Token: 33                          1880  4ee5ff11-ecf7-451f-9845-49006630bc3a_t2.exe
      Token: SeIncBasePriorityPrivilege  1880  4ee5ff11-ecf7-451f-9845-49006630bc3a_t2.exe
      Token: 33                          1880  4ee5ff11-ecf7-451f-9845-49006630bc3a_t2.exe
      Token: SeIncBasePriorityPrivilege  1880  4ee5ff11-ecf7-451f-9845-49006630bc3a_t2.exe
      Token: 33                          1880  4ee5ff11-ecf7-451f-9845-49006630bc3a_t2.exe
      Token: SeIncBasePriorityPrivilege  1880  4ee5ff11-ecf7-451f-9845-49006630bc3a_t2.exe
      Token: 33                          1880  4ee5ff11-ecf7-451f-9845-49006630bc3a_t2.exe
      Token: SeIncBasePriorityPrivilege  1880  4ee5ff11-ecf7-451f-9845-49006630bc3a_t2.exe
      Token: 33                          1880  4ee5ff11-ecf7-451f-9845-49006630bc3a_t2.exe
      Token: SeIncBasePriorityPrivilege  1880  4ee5ff11-ecf7-451f-9845-49006630bc3a_t2.exe
      Token: 33                          1880  4ee5ff11-ecf7-451f-9845-49006630bc3a_t2.exe
      Token: SeIncBasePriorityPrivilege  1880  4ee5ff11-ecf7-451f-9845-49006630bc3a_t2.exe
      Token: 33                          1880  4ee5ff11-ecf7-451f-9845-49006630bc3a_t2.exe
      Token: SeIncBasePriorityPrivilege  1880  4ee5ff11-ecf7-451f-9845-49006630bc3a_t2.exe
      Token: 33                          1880  4ee5ff11-ecf7-451f-9845-49006630bc3a_t2.exe
      Token: SeIncBasePriorityPrivilege  1880  4ee5ff11-ecf7-451f-9845-49006630bc3a_t2.exe
      Token: 33                          1880  4ee5ff11-ecf7-451f-9845-49006630bc3a_t2.exe
      Token: SeIncBasePriorityPrivilege  1880  4ee5ff11-ecf7-451f-9845-49006630bc3a_t2.exe
      Token: 33                          1880  4ee5ff11-ecf7-451f-9845-49006630bc3a_t2.exe
      Token: SeIncBasePriorityPrivilege  1880  4ee5ff11-ecf7-451f-9845-49006630bc3a_t2.exe
      Token: 33                          1880  4ee5ff11-ecf7-451f-9845-49006630bc3a_t2.exe
      Token: SeIncBasePriorityPrivilege  1880  4ee5ff11-ecf7-451f-9845-49006630bc3a_t2.exe