Analysis
Max time kernel: 45s
Max time network: 49s
Platform: windows7_x64
Resource: win7-20220414-en
Submitted: 08-07-2022 03:35
Static task: static1
Behavioral task: behavioral1
  Sample: SecuriteInfo.com.Variant.Barys.100.23666.exe
  Resource: win7-20220414-en
  0 signatures, 0 seconds
Behavioral task: behavioral2
  Sample: SecuriteInfo.com.Variant.Barys.100.23666.exe
  Resource: win10v2004-20220414-en
  0 signatures, 0 seconds
General
Target: SecuriteInfo.com.Variant.Barys.100.23666.exe
Size: 1.5MB
MD5: d2eb25bdcfe013e75ec084aa14fc3ac2
SHA1: 363aadda8bbfd946784d48592af97c602cc4f339
SHA256: a785a3fd595c6982341a3482043ebce1f70a1b3fd9780163956d82b5e780b207
SHA512: 5dd105fa16f5abd3c76242e9cc2673fcbf9b927c5f497c2d52f8a50a0c25aab4eb35d1d0d5969c405e6aaa83a9468068ac9a1cf55b1ba3e9531eeaabfd477c6e
Score: 3/10
Malware Config
Signatures
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
  Note: this signature fires on any drive enumeration, which installers and archivers also perform; with no file-encryption or ransom-note activity anywhere in this report and a 3/10 score, it is weak evidence on its own.
- Suspicious use of SetWindowsHookEx (3 IoCs)
  Processes (pid / process):
    548  SecuriteInfo.com.Variant.Barys.100.23666.exe
    548  SecuriteInfo.com.Variant.Barys.100.23666.exe
    548  SecuriteInfo.com.Variant.Barys.100.23666.exe
- Suspicious use of WriteProcessMemory (4 IoCs)
  Processes (description / pid / process / target process):
    PID 548 wrote to memory of 628  548  SecuriteInfo.com.Variant.Barys.100.23666.exe  cmd.exe
    PID 548 wrote to memory of 628  548  SecuriteInfo.com.Variant.Barys.100.23666.exe  cmd.exe
    PID 548 wrote to memory of 628  548  SecuriteInfo.com.Variant.Barys.100.23666.exe  cmd.exe
    PID 548 wrote to memory of 628  548  SecuriteInfo.com.Variant.Barys.100.23666.exe  cmd.exe
  Note: all four writes go from the sample (PID 548) into the cmd.exe child it spawned (PID 628, see the process tree below). A parent writing into a process it has just created is consistent with ordinary process start-up, so these records alone do not show injection into an unrelated process.
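Two checks an analyst would run against this report before trusting it: confirm that the file on disk really is the sample the report hashes, and reduce the flattened WriteProcessMemory rows to "who wrote into whom, how often" so the parent-to-child pattern above is visible at a glance. The script below is an added example, not part of the sandbox report or its tooling; the IoC rows and hashes are copied from the report, while the LOLBIN set and the flagging rule are this example's own assumptions.

```python
"""Re-check the report hashes and triage the WriteProcessMemory IoC rows shown above."""
import hashlib
import re
from collections import Counter

# The four IoC rows copied from the report's WriteProcessMemory table.
# Row layout: PID <src_pid> wrote to memory of <dst_pid> <src_pid> <src_image> <dst_image>
WPM_ROWS = """\
PID 548 wrote to memory of 628 548 SecuriteInfo.com.Variant.Barys.100.23666.exe cmd.exe
PID 548 wrote to memory of 628 548 SecuriteInfo.com.Variant.Barys.100.23666.exe cmd.exe
PID 548 wrote to memory of 628 548 SecuriteInfo.com.Variant.Barys.100.23666.exe cmd.exe
PID 548 wrote to memory of 628 548 SecuriteInfo.com.Variant.Barys.100.23666.exe cmd.exe
"""

# Hashes exactly as listed in the report's General section.
REPORT_HASHES = {
    "md5": "d2eb25bdcfe013e75ec084aa14fc3ac2",
    "sha1": "363aadda8bbfd946784d48592af97c602cc4f339",
    "sha256": "a785a3fd595c6982341a3482043ebce1f70a1b3fd9780163956d82b5e780b207",
    "sha512": "5dd105fa16f5abd3c76242e9cc2673fcbf9b927c5f497c2d52f8a50a0c25aab4"
              "eb35d1d0d5969c405e6aaa83a9468068ac9a1cf55b1ba3e9531eeaabfd477c6e",
}

# Assumption of this example: script hosts / LOLBins whose memory a dropper might tamper with.
LOLBINS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe",
           "mshta.exe", "rundll32.exe", "regsvr32.exe"}

WPM_RE = re.compile(r"^PID (\d+) wrote to memory of (\d+) \1 (\S+) (\S+)$")


def parse_wpm_rows(text):
    """Count writes per (src_pid, src_image, dst_pid, dst_image); reject rows that do not parse."""
    counts = Counter()
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = WPM_RE.match(line)
        if m is None:
            raise ValueError(f"unrecognised IoC row: {line!r}")
        src_pid, dst_pid, src_image, dst_image = m.groups()
        counts[(int(src_pid), src_image, int(dst_pid), dst_image)] += 1
    return counts


def flag_lolbin_targets(counts):
    """Assumed triage rule: cross-process writes whose target is a script host / LOLBin.
    A parent writing into a child it has just spawned is also ordinary process
    start-up, so a hit here is a lead to follow in the process tree, not a verdict."""
    return sorted(
        (key, n) for key, n in counts.items()
        if key[0] != key[2] and key[3].lower() in LOLBINS
    )


def compute_hashes(data):
    """Hex digests for the four algorithms the report lists."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha512")}


def verify_hashes(data, expected=REPORT_HASHES):
    """algorithm -> does `data` hash to the value the report lists?"""
    actual = compute_hashes(data)
    return {name: actual[name] == value.lower() for name, value in expected.items()}


if __name__ == "__main__":
    import sys

    for (src_pid, src_image, dst_pid, dst_image), n in flag_lolbin_targets(parse_wpm_rows(WPM_ROWS)):
        print(f"{src_image} (PID {src_pid}) wrote {n}x into {dst_image} (PID {dst_pid})")
    if len(sys.argv) > 1:  # optional: path to the sample to compare against the report
        with open(sys.argv[1], "rb") as fh:
            for name, ok in verify_hashes(fh.read()).items():
                print(f"{name}: {'match' if ok else 'MISMATCH'}")
```

Run with the sample path as the only argument to get a match/mismatch line per algorithm; without an argument it only summarises the IoC rows, which for this report collapse to a single edge, the sample writing four times into the cmd.exe it launched.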
Processes
1. "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Variant.Barys.100.23666.exe" (PID 548)
   - Suspicious use of SetWindowsHookEx
   - Suspicious use of WriteProcessMemory
   2. C:\Windows\SysWOW64\cmd.exe  (PID 628)
      Command line: cmd.exe /c C:\Users\Admin\AppData\Local\Temp\
      Note: the child is the 32-bit cmd.exe under SysWOW64, so the sample runs as a 32-bit process on this x64 host and its path lookups go through the WOW64 file system redirector. The command line is shown as recorded by the sandbox.