Analysis
-
max time kernel
186s -
max time network
190s -
platform
windows10-2004_x64 -
resource
win10v2004-20220414-en -
submitted
03-05-2022 11:49
Static task
static1
Behavioral task
behavioral1
Sample
driverexportpe.exe
Resource
win7-20220414-en
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
driverexportpe.exe
Resource
win10v2004-20220414-en
windows10-2004_x64
0 signatures
0 seconds
General
-
Target
driverexportpe.exe
-
Size
347KB
-
MD5
b8eef7ec00336358f41b4e28da99b070
-
SHA1
543be112a811f851f80266393a5a857c272152a3
-
SHA256
ac5d2e64bf99e9b5d86626ab6ab7bca59cc18c072759baa5fe3267ec1326aab0
-
SHA512
0fe70144c300406ca4e4c27b789e1135f1a174923cf7e412a216b47de6951cac3d1a47d06b97891bbe6b09180be59cba62f8d6f497969eb7399d407da5311e99
Score
6/10
Malware Config
Signatures
-
Enumerates connected drives 3 TTPs 24 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
Processes:
driverexportpe.exedescription ioc process File opened (read-only) \??\e: driverexportpe.exe File opened (read-only) \??\g: driverexportpe.exe File opened (read-only) \??\i: driverexportpe.exe File opened (read-only) \??\j: driverexportpe.exe File opened (read-only) \??\z: driverexportpe.exe File opened (read-only) \??\a: driverexportpe.exe File opened (read-only) \??\b: driverexportpe.exe File opened (read-only) \??\k: driverexportpe.exe File opened (read-only) \??\r: driverexportpe.exe File opened (read-only) \??\v: driverexportpe.exe File opened (read-only) \??\y: driverexportpe.exe File opened (read-only) \??\h: driverexportpe.exe File opened (read-only) \??\q: driverexportpe.exe File opened (read-only) \??\s: driverexportpe.exe File opened (read-only) \??\t: driverexportpe.exe File opened (read-only) \??\u: driverexportpe.exe File opened (read-only) \??\w: driverexportpe.exe File opened (read-only) \??\f: driverexportpe.exe File opened (read-only) \??\l: driverexportpe.exe File opened (read-only) \??\m: driverexportpe.exe File opened (read-only) \??\n: driverexportpe.exe File opened (read-only) \??\o: driverexportpe.exe File opened (read-only) \??\p: driverexportpe.exe File opened (read-only) \??\x: driverexportpe.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.