Analysis
-
max time kernel
42s -
max time network
45s -
platform
windows7_x64 -
resource
win7-20220718-en -
resource tags
-
submitted
29-07-2022 13:07
General
-
Target
tmp.exe
-
Size
440KB
-
MD5
50de304cffc8136ad4710f12411bb8b9
-
SHA1
c33513570bc9a709cd1b6c8a74f4eea0d5e8068c
-
SHA256
9b83c1efc74833172375826612ca54ccf601b3b2bf24dab96b63da8a41dfbeb8
-
SHA512
9a77a5ac3c2a06aaf2b96117a4a557f3fe7de8a8a00888898c8245b6338550664ae0cae35681b0454661413c0f412180637b74707983ef31740ac252f3bfd1fa
Score
6/10
Malware Config
Signatures
-
Accesses Microsoft Outlook profiles 1 TTPs 3 IoCs
-
Suspicious use of SetThreadContext 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 9 IoCs
-
outlook_office_path 1 IoCs
-
outlook_win_path 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\tmp.exe"C:\Users\Admin\AppData\Local\Temp\tmp.exe"1⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe2⤵
- Accesses Microsoft Outlook profiles
- outlook_office_path
- outlook_win_path
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
8KB
-
Filesize
408KB
-
Filesize
408KB
-
Filesize
408KB
-
Filesize
408KB
-
Filesize
752KB