Analysis
max time kernel: 144s
max time network: 145s
platform: windows10_x64
resource: win10-en-20211208
submitted: 16-12-2021 17:49
Behavioral task: behavioral1
Sample: tmp/4ee5ff11-ecf7-451f-9845-49006630bc3a_t2.exe
Resource: win7-en-20211208 (windows7_x64)
0 signatures, 0 seconds

Behavioral task: behavioral2
Sample: tmp/4ee5ff11-ecf7-451f-9845-49006630bc3a_t2.exe
Resource: win10-en-20211208 (windows10_x64)
0 signatures, 0 seconds
General
Target: tmp/4ee5ff11-ecf7-451f-9845-49006630bc3a_t2.exe
Size: 27KB
MD5: 702843f05e3db0afaa615fdd8f262be6
SHA1: 4c2de1531c7072598d4d399147c8add254421a25
SHA256: e63d3be538ff76863ee863299e16a554e83908abaab1b59128b398d898cebcf7
SHA512: eefb2c83fbb2a3d2bdfd7eb2309449ded6243c544eb223820e0f0e1f553a46e9fa975fbeb123b3d7bf9ebe5c884f6eee0340b6a7e09f1ea075a7fa7bb4463102
Score: 7/10
Malware Config
Signatures
Drops startup file (1 IoC)
Process: 4ee5ff11-ecf7-451f-9845-49006630bc3a_t2.exe
  description: File created
  ioc: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows.lnk
A shortcut in the per-user Startup folder is launched by Explorer at every logon of that user, so this is a persistence mechanism rather than an incidental write; the generic name "Windows.lnk" is chosen to blend in with legitimate entries. The report does not record what the shortcut points to, so the .lnk target must be resolved on the host (or from the dropped file) during triage.
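The startup-folder drop above is the kind of event a Sysmon FileCreate (Event ID 11) rule catches. The following detection logic is an added example, not code from the sandbox vendor or from this report: it flags any non-allow-listed process that creates a file under either the per-user or the all-users Startup folder. The allow-list of benign writers, the sample's on-disk location, and the log records themselves are constructed for the example; only the first record's dropped path and PID come from the report.

```python
import re
from typing import Iterable

# Sysmon Event ID 11 (FileCreate) records the writing process in "Image" and
# the created file in "TargetFilename". Both Startup folders (per-user under
# AppData\Roaming, all-users under ProgramData) share this path tail.
STARTUP_TAIL_RE = re.compile(
    r"\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\([^\\]+)$",
    re.IGNORECASE,
)

# Writers that legitimately create Startup shortcuts (a user dragging a
# shortcut in Explorer, an MSI install). Assumed allow-list; tune per estate.
BENIGN_WRITERS = {"explorer.exe", "msiexec.exe"}


def is_startup_drop(event: dict) -> bool:
    """True if this event is a file created in a Startup folder by a process
    outside the allow-list."""
    if event.get("EventID") != 11:
        return False
    if not STARTUP_TAIL_RE.search(event.get("TargetFilename", "")):
        return False
    image_name = event.get("Image", "").rsplit("\\", 1)[-1].lower()
    return image_name not in BENIGN_WRITERS


def find_startup_drops(events: Iterable[dict]) -> list[dict]:
    """Return one finding per matching event: who wrote what, and whether the
    persistence applies to one user or to every user on the host."""
    findings = []
    for ev in events:
        if not is_startup_drop(ev):
            continue
        target = ev["TargetFilename"]
        scope = "all-users" if "\\programdata\\" in target.lower() else "per-user"
        findings.append({
            "pid": ev.get("ProcessId"),
            "image": ev.get("Image"),
            "dropped": target,
            "scope": scope,
        })
    return findings


# Constructed sample events (not real logs). The first mirrors the IoC in the
# report; the executable's directory is assumed, the report does not give it.
SAMPLE_EVENTS = [
    {"EventID": 11, "ProcessId": 3532,
     "Image": r"C:\Users\Admin\AppData\Local\Temp\4ee5ff11-ecf7-451f-9845-49006630bc3a_t2.exe",
     "TargetFilename": r"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows.lnk"},
    # Benign: the user created a shortcut through Explorer.
    {"EventID": 11, "ProcessId": 4120,
     "Image": r"C:\Windows\explorer.exe",
     "TargetFilename": r"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Notepad.lnk"},
    # All-users Startup folder, mixed case as Windows actually names it.
    {"EventID": 11, "ProcessId": 5008,
     "Image": r"C:\Users\Admin\Downloads\updater.exe",
     "TargetFilename": r"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\svc.lnk"},
    # Same sample writing somewhere harmless: not a hit.
    {"EventID": 11, "ProcessId": 3532,
     "Image": r"C:\Users\Admin\AppData\Local\Temp\4ee5ff11-ecf7-451f-9845-49006630bc3a_t2.exe",
     "TargetFilename": r"C:\Users\Admin\AppData\Local\Temp\scratch.tmp"},
    # Wrong event type (ProcessCreate): ignored even with a matching image.
    {"EventID": 1, "ProcessId": 3532,
     "Image": r"C:\Users\Admin\AppData\Local\Temp\4ee5ff11-ecf7-451f-9845-49006630bc3a_t2.exe",
     "TargetFilename": ""},
]

if __name__ == "__main__":
    for f in find_startup_drops(SAMPLE_EVENTS):
        print(f"PID {f['pid']} [{f['scope']}] {f['image']} -> {f['dropped']}")
```

Matching on the path tail rather than a fixed drive letter and profile name keeps the rule valid for any user and for the all-users folder; the allow-list is the tuning knob, and a writer being on it should be treated as a reduction in priority, not proof of benignity.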
Enumerates physical storage devices (1 TTP)
Attempts to interact with connected storage/optical drive(s). The sandbox labels this "likely ransomware behaviour", but drive enumeration on its own is weak evidence: it is also how worms and stealers look for removable media, and plenty of benign software does it. This report lists no file-encryption activity or ransom note, so treat the label as a hint to look for those artefacts rather than as a verdict.
Suspicious use of AdjustPrivilegeToken (33 IoCs)
Process: 4ee5ff11-ecf7-451f-9845-49006630bc3a_t2.exe (PID 3532)
  Token: SeDebugPrivilege             x1
  Token: 33                           x16
  Token: SeIncBasePriorityPrivilege   x16
The 33 entries are one SeDebugPrivilege adjustment followed by sixteen repetitions of the pair "33" / SeIncBasePriorityPrivilege, all in PID 3532. The sandbox reports the first privilege of each pair by LUID rather than name; LUID 33 is SeIncreaseWorkingSetPrivilege on Windows. That pair is what a process requests when it adjusts its own priority class or working set and is not interesting by itself. The SeDebugPrivilege request is the one worth following up: it is only needed to open processes owned by other users or by SYSTEM, which points at process access or injection, and enabling it succeeds only when the user is an administrator.
Downloads
memory/3532-115-0x0000000002EB0000-0x0000000002EB1000-memory.dmp (4KB; one page dumped from PID 3532)