Analysis

  • max time kernel
    39s
  • max time network
    46s
  • platform
    windows7_x64
  • resource
    win7-20220331-en
  • submitted
    14-04-2022 19:23

General

  • Target

    ZPSA-986PAYMENT522--332.exe

  • Size

    1.1MB

  • MD5

    5e6cd3971f2aef902504f7fbf5cc783b

  • SHA1

    51e46aab5415a29d2edd9b24c302f833c1afc5aa

  • SHA256

    da85f0332f189e34a1c5b2890c03c4d7e45936efa8e7d5ebde60e9d20135ec98

  • SHA512

    11c3e167ec2b021dd3a9448ba6563ac52f8b198224b69ac1f7c06469bbad0a459b8b6705ea4193d9f488628880cfcba3e898b40f2252e773348f84c0de4cbc93

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious behavior: EnumeratesProcesses (1 IoC)
  • Suspicious behavior: RenamesItself (1 IoC)
  • Suspicious use of AdjustPrivilegeToken (1 IoC)
  • Suspicious use of WriteProcessMemory (4 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\ZPSA-986PAYMENT522--332.exe
    "C:\Users\Admin\AppData\Local\Temp\ZPSA-986PAYMENT522--332.exe"
    PID: 772
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: RenamesItself
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    • C:\Users\Admin\AppData\Local\Temp\6778.exe (child process)
      "C:\Users\Admin\AppData\Local\Temp\6778.exe"
      PID: 1328

Network

MITRE ATT&CK Enterprise v6

Downloads

  • memory/772-54-0x0000000000990000-0x0000000000AB2000-memory.dmp

    Filesize: 1.1MB

  • memory/772-55-0x0000000000390000-0x00000000003C2000-memory.dmp

    Filesize: 200KB

  • memory/772-56-0x00000000005C0000-0x00000000005D6000-memory.dmp

    Filesize: 88KB