Analysis Overview
SHA256
f62cebe556bf3cdac1deae1af87712ad928f25e95b6630973511903fcf889c37
Threat Level: Known bad
The file main.exe was found to be: Known bad.
Malicious Activity Summary
Detected Egregor ransomware
Egregor family
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2022-06-18 22:36
Signatures
Detected Egregor ransomware
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Egregor family
Analysis: behavioral1
Detonation Overview
Submitted
2022-06-18 22:36
Reported
2022-06-18 22:45
Platform
win7-20220414-en
Max time kernel
415s
Max time network
419s
Command Line
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\main.exe
"C:\Users\Admin\AppData\Local\Temp\main.exe"
Network
Files
memory/2020-54-0x0000000001290000-0x00000000013B8000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2022-06-18 22:36
Reported
2022-06-18 22:47
Platform
win10-20220414-en
Max time kernel
587s
Max time network
589s
Command Line
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\main.exe
"C:\Users\Admin\AppData\Local\Temp\main.exe"
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 52.168.112.66:443 | | tcp |
| NL | 20.86.173.234:80 | | tcp |
Files
Analysis: behavioral3
Detonation Overview
Submitted
2022-06-18 22:36
Reported
2022-06-18 22:47
Platform
win10v2004-20220414-en
Max time kernel
490s
Max time network
494s
Command Line
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\main.exe
"C:\Users\Admin\AppData\Local\Temp\main.exe"
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 20.189.173.10:443 | | tcp |
| DE | 67.24.27.254:80 | | tcp |
| BE | 8.238.110.126:80 | | tcp |
| BE | 8.238.110.126:80 | | tcp |
| BE | 8.238.110.126:80 | | tcp |
Files
memory/1964-130-0x0000000000430000-0x0000000000558000-memory.dmp
memory/1964-131-0x0000000000430000-0x0000000000558000-memory.dmp
Analysis: behavioral4
Detonation Overview
Submitted
2022-06-18 22:36
Reported
2022-06-18 22:37
Platform
win11-20220223-en