Analysis
-
max time kernel
153s -
max time network
120s -
platform
windows7_x64 -
resource
win7-en-20211208 -
submitted
15-01-2022 01:50
General
-
Target
UnHAnaAW.arm7
-
Size
157KB
-
MD5
5a6f9f201e4ca6a7fdac10e632cb58b8
-
SHA1
930ce61517445d3401fa17e960c960772abd5b1b
-
SHA256
306a86a5f20c305839fc374206ddc20bc38c88531d602782351871b0826dec1b
-
SHA512
5aa41e11345d756f0e2d043e30cb47a7f0a2d42f1216da2b394580e69a3f88925adee9aa2612cee42ad353add2ab65220fd732048c352d34fcbb1147fbff543e
Score
3/10
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Modifies registry class 10 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of SetWindowsHookEx 3 IoCs
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\UnHAnaAW.arm71⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\UnHAnaAW.arm72⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\UnHAnaAW.arm7"3⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/768-55-0x0000000000000000-mapping.dmp
-
memory/1680-57-0x0000000000000000-mapping.dmp
-
memory/1680-58-0x0000000074F01000-0x0000000074F03000-memory.dmpFilesize
8KB
-
memory/1908-54-0x000007FEFB7E1000-0x000007FEFB7E3000-memory.dmpFilesize
8KB