Analysis
-
max time kernel
150s -
max time network
122s -
platform
windows7_x64 -
resource
win7-en-20211208 -
submitted
20-01-2022 19:04
General
-
Target
f7a038f9b91c40e9d67f4168997d7d8c12c2d27cd9e36c413dd021796a24e083.bin
-
Size
1.8MB
-
MD5
085b8046d0c3958d78751b6825052d66
-
SHA1
6116a5b0c0b6c147a2c715aad2eb1cd082941715
-
SHA256
f7a038f9b91c40e9d67f4168997d7d8c12c2d27cd9e36c413dd021796a24e083
-
SHA512
a1aa3f2c17ae5738285506a990ed4ff83c5cfbc38492c3774a2ef246a26e5ec41aacee62c869420b00557af56831cb88ce5449ee762c7ab5c22245f024192213
Score
3/10
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Modifies registry class 10 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of SetWindowsHookEx 3 IoCs
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\f7a038f9b91c40e9d67f4168997d7d8c12c2d27cd9e36c413dd021796a24e083.bin1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\f7a038f9b91c40e9d67f4168997d7d8c12c2d27cd9e36c413dd021796a24e083.bin2⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\f7a038f9b91c40e9d67f4168997d7d8c12c2d27cd9e36c413dd021796a24e083.bin"3⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/548-57-0x0000000075D61000-0x0000000075D63000-memory.dmpFilesize
8KB
-
memory/836-55-0x000007FEFB5D1000-0x000007FEFB5D3000-memory.dmpFilesize
8KB