Analysis
-
max time kernel
153s -
max time network
155s -
platform
windows10-2004_x64 -
resource
win10v2004-20220414-en -
submitted
01-07-2022 05:58
Behavioral task
behavioral1
Sample
ffbcf5e11564aa99ec6b8b6686fd02f9ef65ba1a5929e180d46b9bc3da3aa5dc.exe
Resource
win7-20220414-en
windows7_x64
0 signatures
0 seconds
General
-
Target
ffbcf5e11564aa99ec6b8b6686fd02f9ef65ba1a5929e180d46b9bc3da3aa5dc.exe
-
Size
81KB
-
MD5
71c50c8e9b397f5c411eef6a4bcfd95e
-
SHA1
d673dba48390fa8d87cb5cb0318aed397a0382d4
-
SHA256
ffbcf5e11564aa99ec6b8b6686fd02f9ef65ba1a5929e180d46b9bc3da3aa5dc
-
SHA512
7c265b82dbec012de0aa8aad45d2f6d09e51fd0f7614bb0cec6bf046ac3b84306acdab4c2257772629bd333781e94dc0663a5daff1377db5b5b91af7b8044623
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious behavior: RenamesItself 1 IoCs
Processes:
ffbcf5e11564aa99ec6b8b6686fd02f9ef65ba1a5929e180d46b9bc3da3aa5dc.exepid process 4968 ffbcf5e11564aa99ec6b8b6686fd02f9ef65ba1a5929e180d46b9bc3da3aa5dc.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\ffbcf5e11564aa99ec6b8b6686fd02f9ef65ba1a5929e180d46b9bc3da3aa5dc.exe"C:\Users\Admin\AppData\Local\Temp\ffbcf5e11564aa99ec6b8b6686fd02f9ef65ba1a5929e180d46b9bc3da3aa5dc.exe"1⤵
- Suspicious behavior: RenamesItself
-
C:\Windows\SysWOW64\shelltrc.exe"C:\Windows\SysWOW64\shelltrc.exe"1⤵