Analysis
-
max time kernel
129s -
max time network
133s -
platform
windows10-2004_x64 -
resource
win10v2004-en-20220113 -
submitted
01-03-2022 18:14
Static task
static1
Behavioral task
behavioral1
Sample
f3680fe4c64d0581dc68bc1116798864dd9e361d7d50729e2d89844a58d1cd58.exe
Resource
win7-20220223-en
Behavioral task
behavioral2
Sample
f3680fe4c64d0581dc68bc1116798864dd9e361d7d50729e2d89844a58d1cd58.exe
Resource
win10v2004-en-20220113
General
-
Target
f3680fe4c64d0581dc68bc1116798864dd9e361d7d50729e2d89844a58d1cd58.exe
-
Size
712KB
-
MD5
b2c32c4ca386f1852032ad793d092f6e
-
SHA1
af22336c22d57eb7cea732f447cad7d2ecb37c2c
-
SHA256
f3680fe4c64d0581dc68bc1116798864dd9e361d7d50729e2d89844a58d1cd58
-
SHA512
df8e838da56136351a2e03db23aef2debd984d55cedc26c99570ad35c61293aa7c2918743afd86433d6d5bacd758127a2735a1dbbd3d1dabb2351a00670761f0
Malware Config
Signatures
-
Drops startup file 1 IoCs
Processes:
f3680fe4c64d0581dc68bc1116798864dd9e361d7d50729e2d89844a58d1cd58.exedescription ioc Process File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sutup-Filer.exe.lnk f3680fe4c64d0581dc68bc1116798864dd9e361d7d50729e2d89844a58d1cd58.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.