Analysis
-
max time kernel
137s -
max time network
154s -
platform
windows10-2004_x64 -
resource
win10v2004-en-20220113 -
submitted
20-01-2022 19:03
Static task
static1
Behavioral task
behavioral1
Sample
e7060538ee4b48b0b975c8928c617f218703dab7aa7814ce97481596f2a78556.bin
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
e7060538ee4b48b0b975c8928c617f218703dab7aa7814ce97481596f2a78556.bin
Resource
win10v2004-en-20220113
General
-
Target
e7060538ee4b48b0b975c8928c617f218703dab7aa7814ce97481596f2a78556.bin
-
Size
1.8MB
-
MD5
0f933d57cd4c5f5d8717eb126a99ece6
-
SHA1
fd0d6046d6e3096bd38df9aa539d4b5502db9f85
-
SHA256
e7060538ee4b48b0b975c8928c617f218703dab7aa7814ce97481596f2a78556
-
SHA512
55f10ab01700c730c387bff4d3ba94c55f62c8d8d95354ebcb2b4b9a685770a18294883d86ee5f4d89237448b1c3451453e88b729542e264c6961d4c9369c7b5
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Modifies registry class 2 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000_Classes\Local Settings cmd.exe Key created \REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000_Classes\Local Settings OpenWith.exe -
Suspicious use of SetWindowsHookEx 1 IoCs
pid Process 3436 OpenWith.exe
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\e7060538ee4b48b0b975c8928c617f218703dab7aa7814ce97481596f2a78556.bin1⤵
- Modifies registry class
PID:1568
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3436
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p1⤵PID:860