Overview

overview

10

Static

static

10

589a9ee499...0f.exe

windows7_x64

10

589a9ee499...0f.exe

windows10-2004_x64

3

Analysis

  • max time kernel
    91s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    20-05-2022 04:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    589a9ee4991d935971bf6f5bad94a527f3b7eeb3e6f3fe469446a7e21246950f.exe

  • Size

    37KB

  • MD5

    6d9ad1b00cd165a29db6015612b4c737

  • SHA1

    7b68c3e9cdf360845720b7216d508a88c6325447

  • SHA256

    589a9ee4991d935971bf6f5bad94a527f3b7eeb3e6f3fe469446a7e21246950f

  • SHA512

    30ecbb2e9973886c2b700ee362e19aba31e5c7b0288a4425d6b3134c8f36892658ede89cedb53b52e4dd334946a18639eab5e082eefd1ff002c92b956da89bd6

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies registry class 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\589a9ee4991d935971bf6f5bad94a527f3b7eeb3e6f3fe469446a7e21246950f.exe
    "C:\Users\Admin\AppData\Local\Temp\589a9ee4991d935971bf6f5bad94a527f3b7eeb3e6f3fe469446a7e21246950f.exe"
    1⤵
    • Modifies registry class
    PID:4828
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4164

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4828-130-0x00000000750F0000-0x00000000756A1000-memory.dmp
    Filesize

    5.7MB

    Download