Overview

overview

10

Static

static

9a8f9a2804...7f.exe

windows7_x64

10

9a8f9a2804...7f.exe

windows10-2004_x64

4

Analysis

  • max time kernel
    175s
  • max time network
    181s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-en-20220113
  • submitted
    20-02-2022 04:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9a8f9a28040bf69a7179de263382b29d1b6da12efc330ada1f983e9fe9b56c7f.exe

  • Size

    112KB

  • MD5

    990b689516914e33319296bf038b8d45

  • SHA1

    c0de363450821deb850bed1a2b6880d84bd9ec3b

  • SHA256

    9a8f9a28040bf69a7179de263382b29d1b6da12efc330ada1f983e9fe9b56c7f

  • SHA512

    e0d42a48a286aa21415e3d5b1e6a4ce0f2947eb0b1de6b73fd13fbd450e141975d05e00a4c332349039f41fb2d71807d9242118b6c0c69392ff9bd0aa062085d

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory 6 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of AdjustPrivilegeToken 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9a8f9a28040bf69a7179de263382b29d1b6da12efc330ada1f983e9fe9b56c7f.exe
    "C:\Users\Admin\AppData\Local\Temp\9a8f9a28040bf69a7179de263382b29d1b6da12efc330ada1f983e9fe9b56c7f.exe"
    1⤵
      PID:2480
    • C:\Windows\system32\svchost.exe
      C:\Windows\system32\svchost.exe -k netsvcs -p -s wuauserv
      1⤵
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      PID:3828

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/3828-134-0x00000288DF380000-0x00000288DF390000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3828-133-0x00000288DF320000-0x00000288DF330000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3828-135-0x00000288E1A30000-0x00000288E1A34000-memory.dmp

      Filesize

      16KB

      Download