Analysis

  • max time kernel
    90s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220414-enlocale:en-usos:windows10-2004-x64system
  • submitted
    18-07-2022 04:33

General

  • Target

    SecuriteInfo.com.W32.AIDetect.malware2.13240.exe

  • Size

    1.4MB

  • MD5

    b852214bb13bd7c62db32f98e30a84e0

  • SHA1

    197cca797aae98c0afeb74f71f9342fb1f2f499e

  • SHA256

    e2166dba9f7b3a562c703b355d79bc1e973b26619cb1bfc35938767dbb136a08

  • SHA512

    6cf534fcf9574a087ddc3b8d5bdc6c37ca7cefafa1a7059b05245f5f61b3e09b24af873f4b75c63a47b4a9ceb687f87c0f654eae13060e87257bf3960d56ab6c

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.W32.AIDetect.malware2.13240.exe
    "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.W32.AIDetect.malware2.13240.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3536
    • C:\Windows\SysWOW64\cmd.exe
      cmd.exe /c C:\Users\Admin\AppData\Local\Temp\
      2⤵
        PID:4956

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/4956-132-0x0000000000000000-mapping.dmp