Analysis
max time kernel: 90s
max time network: 154s
platform: windows10-2004_x64
resource: win10v2004-20220414-en
submitted: 04-07-2022 09:28
Static task: static1
Behavioral task: behavioral1
  Sample: your neft payment.exe
  Resource: win7-20220414-en
  0 signatures, 0 seconds
Behavioral task: behavioral2
  Sample: your neft payment.exe
  Resource: win10v2004-20220414-en
  0 signatures, 0 seconds
General
Target: your neft payment.exe
Size: 1.2MB
MD5: 369bea3b89272cdb52b9de5d89890931
SHA1: ee67c86d5e77dc47a1d25bfc0f88e37c08f28bce
SHA256: 2678b39e1010dff9c1b9ca3f1580f7a6a580626ff07cbbf434cf66a933d78053
SHA512: 2ff2dc2997736ff7ce020dd1416424650492144c9b7a1b8c82b166d9bd911353aa093e7b77cf1f28f38be17580dee33ee682fc7ae723f36305b9c61b861a2717
Score: 3/10
Malware Config
Signatures
Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
Suspicious use of SetWindowsHookEx (3 IoCs)
  Processes:
    pid   process
    1964  your neft payment.exe
    1964  your neft payment.exe
    1964  your neft payment.exe
Suspicious use of WriteProcessMemory (3 IoCs)
  Processes:
    description                       pid   process                target process
    PID 1964 wrote to memory of 1604  1964  your neft payment.exe  cmd.exe
    PID 1964 wrote to memory of 1604  1964  your neft payment.exe  cmd.exe
    PID 1964 wrote to memory of 1604  1964  your neft payment.exe  cmd.exe