Analysis

  • max time kernel
    62s
  • max time network
    125s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220721-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20220721-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    28-07-2022 04:42

General

  • Target

    SecuriteInfo.com.Variant.Symmi.62789.19994.exe

  • Size

    1.3MB

  • MD5

    198abeac7d9443c364a42aa33b38e77a

  • SHA1

    dd2a942a07cc7d2b39870ffb9ff0088cea9a8b1f

  • SHA256

    73e60a75231e52d9f742df2d679c1ac4997147563c43348142b3b6dc9a4ee4a4

  • SHA512

    f094c371a62f0a73b91e172166f127d312efa646ba4de4259b743086f9529f52296f89be65c084033dc7f7e2692180ea7ce72790cba2244f01dbf88d9be23c65

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Variant.Symmi.62789.19994.exe
    "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Variant.Symmi.62789.19994.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4440
    • C:\Windows\SysWOW64\cmd.exe
      cmd.exe /c C:\Users\Admin\AppData\Local\Temp\
      2⤵
      PID:5112

Network

MITRE ATT&CK Enterprise v6


Downloads

  • memory/5112-132-0x0000000000000000-mapping.dmp