Analysis
-
max time kernel
163s -
max time network
46s -
platform
windows7_x64 -
resource
win7-20220414-en -
submitted
31-05-2022 08:08
General
-
Target
2cf96acaf71dfc56df74287d20714e4ff899eef7bf1caffd42180e8cc733ab98.bin
-
Size
206KB
-
MD5
d9878ceba3d6734cbb5143a3393a9a07
-
SHA1
4c380b7eecfe5c24671229f15d7cc98e656792b4
-
SHA256
2cf96acaf71dfc56df74287d20714e4ff899eef7bf1caffd42180e8cc733ab98
-
SHA512
f8268ca82f84a9e45a7983ff942e4d8dec84d2853ae2337f1bb787fe15d4864f05843d0223fb41470fe41e2fc75c95691d21d37dcde2043df5961c3df1970f79
Score
3/10
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Modifies registry class 10 IoCs
-
Suspicious use of SetWindowsHookEx 3 IoCs
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\2cf96acaf71dfc56df74287d20714e4ff899eef7bf1caffd42180e8cc733ab98.bin1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\2cf96acaf71dfc56df74287d20714e4ff899eef7bf1caffd42180e8cc733ab98.bin2⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\2cf96acaf71dfc56df74287d20714e4ff899eef7bf1caffd42180e8cc733ab98.bin"3⤵
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/588-81-0x0000000000000000-mapping.dmp
-
memory/588-82-0x0000000075FC1000-0x0000000075FC3000-memory.dmpFilesize
8KB
-
memory/960-76-0x0000000000000000-mapping.dmp
-
memory/1964-54-0x000007FEFBA51000-0x000007FEFBA53000-memory.dmpFilesize
8KB