Analysis
-
max time kernel
150s -
max time network
118s -
platform
windows7_x64 -
resource
win7-en-20211208 -
submitted
15-01-2022 01:50
General
-
Target
UnHAnaAW.arm5
-
Size
65KB
-
MD5
1ab9ba9183a1cfc793e53d95c053a94f
-
SHA1
0f89abb2535540236747f7509c00e7730805132b
-
SHA256
0e96c432e77949a73df5b0b52a741ce1d10e74aa5b2e70f7345dfd577d07a96c
-
SHA512
005a5516047e719e70278945aec4a17cd0ba536551e89251d466dd513c3aa5ac4977a1565cc751baa224fee267aa6481f9dce5463260c8f8eede07243952e569
Score
3/10
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Modifies registry class 10 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of SetWindowsHookEx 3 IoCs
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\UnHAnaAW.arm51⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\UnHAnaAW.arm52⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\UnHAnaAW.arm5"3⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/592-55-0x0000000000000000-mapping.dmp
-
memory/864-54-0x000007FEFB781000-0x000007FEFB783000-memory.dmpFilesize
8KB
-
memory/1380-57-0x0000000000000000-mapping.dmp
-
memory/1380-58-0x0000000075421000-0x0000000075423000-memory.dmpFilesize
8KB