Analysis
max time kernel: 122s
max time network: 152s
platform: windows10-2004_x64
resource: win10v2004-20220414-en
submitted: 08-07-2022 03:35
Static task: static1
Behavioral task: behavioral1
Sample: SecuriteInfo.com.Variant.Barys.100.23666.exe
Resource: win7-20220414-en
0 signatures
0 seconds
Behavioral task: behavioral2
Sample: SecuriteInfo.com.Variant.Barys.100.23666.exe
Resource: win10v2004-20220414-en
0 signatures
0 seconds
General
Target: SecuriteInfo.com.Variant.Barys.100.23666.exe
Size: 1.5MB
MD5: d2eb25bdcfe013e75ec084aa14fc3ac2
SHA1: 363aadda8bbfd946784d48592af97c602cc4f339
SHA256: a785a3fd595c6982341a3482043ebce1f70a1b3fd9780163956d82b5e780b207
SHA512: 5dd105fa16f5abd3c76242e9cc2673fcbf9b927c5f497c2d52f8a50a0c25aab4eb35d1d0d5969c405e6aaa83a9468068ac9a1cf55b1ba3e9531eeaabfd477c6e
Score: 3/10
Malware Config
Signatures
Enumerates physical storage devices (1 TTPs)
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
Suspicious use of SetWindowsHookEx (3 IoCs)
Processes: SecuriteInfo.com.Variant.Barys.100.23666.exe
pid | process
2624 | SecuriteInfo.com.Variant.Barys.100.23666.exe
2624 | SecuriteInfo.com.Variant.Barys.100.23666.exe
2624 | SecuriteInfo.com.Variant.Barys.100.23666.exe
Suspicious use of WriteProcessMemory (3 IoCs)
Processes: SecuriteInfo.com.Variant.Barys.100.23666.exe
description | pid | process | target process
PID 2624 wrote to memory of 1344 | 2624 | SecuriteInfo.com.Variant.Barys.100.23666.exe | cmd.exe
PID 2624 wrote to memory of 1344 | 2624 | SecuriteInfo.com.Variant.Barys.100.23666.exe | cmd.exe
PID 2624 wrote to memory of 1344 | 2624 | SecuriteInfo.com.Variant.Barys.100.23666.exe | cmd.exe
Processes
C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Variant.Barys.100.23666.exe
"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Variant.Barys.100.23666.exe"
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID: 2624
    C:\Windows\SysWOW64\cmd.exe
    cmd.exe /c C:\Users\Admin\AppData\Local\Temp\
    PID: 1344