Analysis
- max time kernel: 27s
- max time network: 49s
- platform: windows7_x64
- resource: win7-20220414-en
- submitted: 17-04-2022 14:40
Static task
- static1
Behavioral task
- behavioral1
- Sample: 10b20c831f23d94e1a773555f32aa53b73ebb160670acf67ad029037bcff9cdc.exe
- Resource: win7-20220414-en
- Platform: windows7_x64
- 0 signatures
- 0 seconds
General
- Target: 10b20c831f23d94e1a773555f32aa53b73ebb160670acf67ad029037bcff9cdc.exe
- Size: 6.6MB
- MD5: a4f98a3e44fc2c8c9371a5ea3529785b
- SHA1: 0779436628e5ca4e8e5fc4fb66ebf2b4c7e89891
- SHA256: 10b20c831f23d94e1a773555f32aa53b73ebb160670acf67ad029037bcff9cdc
- SHA512: a90843ffcc6581a6dcb67f73c1dddad01e8ad08746aa4c264562bf1f3928a7e6bf43bab9f9822d35f4c2e8670e4823be75f34c604e32cbcc7ced1c13ca407da9
Malware Config
Signatures
-
YARA rule matches 3 IoCs
resource / yara_rule
- behavioral1/memory/940-55-0x00000000023D0000-0x00000000023DC000-memory.dmp: buer
- behavioral1/memory/940-59-0x0000000040000000-0x0000000040009000-memory.dmp: buer
- behavioral1/memory/940-62-0x00000000023C0000-0x00000000023C9000-memory.dmp: buer
-
Enumerates connected drives 3 TTPs 24 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
description: File opened (read-only)
Process: 10b20c831f23d94e1a773555f32aa53b73ebb160670acf67ad029037bcff9cdc.exe (same process for all 24 IoCs)
ioc (in the order recorded): \??\K: \??\L: \??\O: \??\P: \??\U: \??\V: \??\F: \??\H: \??\M: \??\Q: \??\R: \??\W: \??\A: \??\I: \??\J: \??\S: \??\X: \??\E: \??\G: \??\N: \??\T: \??\Y: \??\Z: \??\B:
-
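The "Enumerates connected drives" signature above fires because one process opens the root of many non-C: volumes in a row. The following Python is an added example (not the sandbox's own signature code) showing how that heuristic can be reproduced over file-open events written in the same "description ioc Process" shape as the IoC rows above. The sample events, the `\??\` device-path handling and the `min_drives` threshold of 3 are all constructed assumptions for illustration; the real sandbox threshold is not stated on this page.

```python
import re
from collections import defaultdict

# Constructed sample events, shaped like the report's IoC rows:
#   "File opened (read-only) <ioc> <process>"
# They are not copied from the sandbox's log format.
SAMPLE_EVENTS = r"""
File opened (read-only) \??\K: 10b20c831f23d94e1a773555f32aa53b73ebb160670acf67ad029037bcff9cdc.exe
File opened (read-only) \??\L: 10b20c831f23d94e1a773555f32aa53b73ebb160670acf67ad029037bcff9cdc.exe
File opened (read-only) \??\C: 10b20c831f23d94e1a773555f32aa53b73ebb160670acf67ad029037bcff9cdc.exe
File opened (read-only) \??\O: 10b20c831f23d94e1a773555f32aa53b73ebb160670acf67ad029037bcff9cdc.exe
File opened (read-only) \??\P: 10b20c831f23d94e1a773555f32aa53b73ebb160670acf67ad029037bcff9cdc.exe
File opened (read-only) \??\C:\Windows\System32\kernel32.dll explorer.exe
File opened (read-only) \??\D: explorer.exe
File opened (read-only) \??\D: explorer.exe
"""

# Matches an NT-style open of "\??\<letter>:<rest>" followed by the process name.
ROOT_OPEN_RE = re.compile(
    r"^File opened \(read-only\) "
    r"\\\?\?\\(?P<drive>[A-Za-z]):(?P<rest>\S*) "
    r"(?P<process>\S+)$"
)


def drive_roots_by_process(log_text, default_drive="C"):
    """Map each process to the set of non-default drive letters whose root it opened.

    Only opens of the bare root ("\\??\\K:" or "\\??\\K:\\") count; opening a file
    under a drive (e.g. "\\??\\C:\\Windows\\...") is ordinary activity and is ignored.
    """
    roots = defaultdict(set)
    for line in log_text.splitlines():
        m = ROOT_OPEN_RE.match(line.strip())
        if not m:
            continue
        if m["rest"] not in ("", "\\"):
            continue  # a path below the root, not a root probe
        drive = m["drive"].upper()
        if drive == default_drive.upper():
            continue  # the default C: drive is excluded, as in the signature text
        roots[m["process"]].add(drive)
    return dict(roots)


def enumerates_connected_drives(log_text, min_drives=3):
    """Flag processes that probed at least min_drives distinct non-C roots.

    min_drives=3 is a hypothetical threshold chosen for this example.
    Returns {process: sorted list of drive letters} for flagged processes.
    """
    return {
        proc: sorted(drives)
        for proc, drives in drive_roots_by_process(log_text).items()
        if len(drives) >= min_drives
    }


if __name__ == "__main__":
    for proc, drives in enumerates_connected_drives(SAMPLE_EVENTS).items():
        print(f"{proc}: enumerated drive roots {', '.join(drives)}")
```

On the constructed events only the sample binary is flagged (K, L, O, P); explorer.exe touches a file on C: and the root of a single extra drive, which is normal behaviour and stays below the threshold. The regex deliberately anchors on the `\??\` object-manager prefix so a drive letter appearing elsewhere in a path is not mistaken for a root probe.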
Suspicious use of SetWindowsHookEx 2 IoCs
pid / Process
- 940: 10b20c831f23d94e1a773555f32aa53b73ebb160670acf67ad029037bcff9cdc.exe
- 940: 10b20c831f23d94e1a773555f32aa53b73ebb160670acf67ad029037bcff9cdc.exe