Analysis
- max time kernel: 4294211s
- max time network: 124s
- platform: windows7_x64
- resource: win7-20220311-en
- submitted: 26-03-2022 04:35
Static task: static1

Behavioral task: behavioral1
- Sample: minor.exe
- Resource: win7-20220311-en, windows7_x64
- 0 signatures, 0 seconds

Behavioral task: behavioral2
- Sample: minor.exe
- Resource: win10v2004-en-20220113, windows10-2004_x64
- 0 signatures, 0 seconds
General
- Target: minor.exe
- Size: 27KB
- MD5: cc41876131457380518803a6daed9fe3
- SHA1: 352b01bbd7063ebbd3aedbe8e35408fd51584b1a
- SHA256: db57d70cb349c8db6a0fd0a43a7e2ac68edc258457c9cb6b6dbd19a3e348195c
- SHA512: 284aee559d4734b3ff0732f0e693070498b895cf95de687bc033c113ee195a768d763c05661eaf01171891f517cc27214e1a1e41cfe2900d9a9366dc762c5b25
Score
10/10
Malware Config
Signatures
- Upatre
  Upatre is a generic malware downloader.
- Executes dropped EXE (1 IoCs)
  pid   Process
  1636  szgfw.exe
- Loads dropped DLL (2 IoCs)
  pid   Process
  2000  minor.exe
  2000  minor.exe
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
- Suspicious use of WriteProcessMemory (4 IoCs)
  description                       pid   Process    procid_target
  PID 2000 wrote to memory of 1636  2000  minor.exe  27
  PID 2000 wrote to memory of 1636  2000  minor.exe  27
  PID 2000 wrote to memory of 1636  2000  minor.exe  27
  PID 2000 wrote to memory of 1636  2000  minor.exe  27