Overview

overview

3

Static

static

10

e7060538ee...56.bin

windows7_x64

3

e7060538ee...56.bin

windows10-2004_x64

3

Analysis

  • max time kernel
    137s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-en-20220113
  • submitted
    20-01-2022 19:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e7060538ee4b48b0b975c8928c617f218703dab7aa7814ce97481596f2a78556.bin

  • Size

    1.8MB

  • MD5

    0f933d57cd4c5f5d8717eb126a99ece6

  • SHA1

    fd0d6046d6e3096bd38df9aa539d4b5502db9f85

  • SHA256

    e7060538ee4b48b0b975c8928c617f218703dab7aa7814ce97481596f2a78556

  • SHA512

    55f10ab01700c730c387bff4d3ba94c55f62c8d8d95354ebcb2b4b9a685770a18294883d86ee5f4d89237448b1c3451453e88b729542e264c6961d4c9369c7b5

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies registry class 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\e7060538ee4b48b0b975c8928c617f218703dab7aa7814ce97481596f2a78556.bin
    1⤵
    • Modifies registry class
    PID:1568
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3436
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p
    1⤵
      PID:860

    Network

    MITRE ATT&CK Matrix ATT&CK v6

    Initial Access

    Execution

    Persistence

    Privilege Escalation

    Defense Evasion

    Credential Access

    Discovery

    System Information Discovery

    1
    T1082

    Lateral Movement

    Collection

    Exfiltration

    Command and Control

    Impact

    Replay Monitor

    Loading Replay Monitor...

    Downloads