Overview

overview

10

Static

static

10

YOUR NEFT PAY.exe

windows7_x64

3

YOUR NEFT PAY.exe

windows10-2004_x64

4

Analysis

  • max time kernel
    120s
  • max time network
    136s
  • platform
    windows7_x64
  • resource
    win7-en-20211208
  • submitted
    09/02/2022, 10:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    YOUR NEFT PAY.exe

  • Size

    1.3MB

  • MD5

    f25c22f38bb732e20c691cba2cdccf84

  • SHA1

    22e4e3d56dfab31dc3e74880090c7615313527d5

  • SHA256

    447574ed06b4e8cb0e9a379b09954355e5e7cc70d48083b52b7ec572bd07c0e2

  • SHA512

    3ece4008151eb32967b238bd316cfc5d93dfd7aa87c85f4f6fadf5867c8de7d13fcdaacfb2b0947e59e37d86705c58a76b9ff4108e0540066ab450bab558ed72

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\YOUR NEFT PAY.exe
    "C:\Users\Admin\AppData\Local\Temp\YOUR NEFT PAY.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1528
    • C:\Windows\SysWOW64\cmd.exe
      cmd.exe /c C:\Users\Admin\AppData\Local\Temp\
      2⤵
        PID:620

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1528-57-0x00000000769D1000-0x00000000769D3000-memory.dmp

      Filesize

      8KB

      Download