Analysis
max time kernel: 169s
max time network: 193s
platform: windows7_x64
resource: win7-20220718-en
resource tags: arch:x64, arch:x86, image:win7-20220718-en, locale:en-us, os:windows7-x64, system
submitted: 31-07-2022 22:33
Behavioral task: behavioral1
Sample: 5dbb3051fe537edf5768c55be5dec10c3367391ca41d8bb666e24fbf9542dfa4.exe
Resource: win7-20220718-en (windows7-x64)
4 signatures
150 seconds
General
Target: 5dbb3051fe537edf5768c55be5dec10c3367391ca41d8bb666e24fbf9542dfa4.exe
Size: 658KB
MD5: 40118b1261b758316db9048da1479e2c
SHA1: e9ef0f064844300f1ec223eac3ea05d9252273c2
SHA256: 5dbb3051fe537edf5768c55be5dec10c3367391ca41d8bb666e24fbf9542dfa4
SHA512: b56bbe32967be3c38c8a0ec33a1f252f70fc8ea1dfd0e11ca67fc8388a0728d2f00e7ee72a921dd947210a3570ecf4517d41869a9bfde785fee86d1d2a926a0c
Malware Config
Signatures
Enumerates physical storage devices (1 TTPs)
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

Suspicious use of AdjustPrivilegeToken (23 IoCs)
Processes:
description                              pid   process
Token: SeIncreaseQuotaPrivilege          820   5dbb3051fe537edf5768c55be5dec10c3367391ca41d8bb666e24fbf9542dfa4.exe
Token: SeSecurityPrivilege               820   5dbb3051fe537edf5768c55be5dec10c3367391ca41d8bb666e24fbf9542dfa4.exe
Token: SeTakeOwnershipPrivilege          820   5dbb3051fe537edf5768c55be5dec10c3367391ca41d8bb666e24fbf9542dfa4.exe
Token: SeLoadDriverPrivilege             820   5dbb3051fe537edf5768c55be5dec10c3367391ca41d8bb666e24fbf9542dfa4.exe
Token: SeSystemProfilePrivilege          820   5dbb3051fe537edf5768c55be5dec10c3367391ca41d8bb666e24fbf9542dfa4.exe
Token: SeSystemtimePrivilege             820   5dbb3051fe537edf5768c55be5dec10c3367391ca41d8bb666e24fbf9542dfa4.exe
Token: SeProfSingleProcessPrivilege      820   5dbb3051fe537edf5768c55be5dec10c3367391ca41d8bb666e24fbf9542dfa4.exe
Token: SeIncBasePriorityPrivilege        820   5dbb3051fe537edf5768c55be5dec10c3367391ca41d8bb666e24fbf9542dfa4.exe
Token: SeCreatePagefilePrivilege         820   5dbb3051fe537edf5768c55be5dec10c3367391ca41d8bb666e24fbf9542dfa4.exe
Token: SeBackupPrivilege                 820   5dbb3051fe537edf5768c55be5dec10c3367391ca41d8bb666e24fbf9542dfa4.exe
Token: SeRestorePrivilege                820   5dbb3051fe537edf5768c55be5dec10c3367391ca41d8bb666e24fbf9542dfa4.exe
Token: SeShutdownPrivilege               820   5dbb3051fe537edf5768c55be5dec10c3367391ca41d8bb666e24fbf9542dfa4.exe
Token: SeDebugPrivilege                  820   5dbb3051fe537edf5768c55be5dec10c3367391ca41d8bb666e24fbf9542dfa4.exe
Token: SeSystemEnvironmentPrivilege      820   5dbb3051fe537edf5768c55be5dec10c3367391ca41d8bb666e24fbf9542dfa4.exe
Token: SeChangeNotifyPrivilege           820   5dbb3051fe537edf5768c55be5dec10c3367391ca41d8bb666e24fbf9542dfa4.exe
Token: SeRemoteShutdownPrivilege         820   5dbb3051fe537edf5768c55be5dec10c3367391ca41d8bb666e24fbf9542dfa4.exe
Token: SeUndockPrivilege                 820   5dbb3051fe537edf5768c55be5dec10c3367391ca41d8bb666e24fbf9542dfa4.exe
Token: SeManageVolumePrivilege           820   5dbb3051fe537edf5768c55be5dec10c3367391ca41d8bb666e24fbf9542dfa4.exe
Token: SeImpersonatePrivilege            820   5dbb3051fe537edf5768c55be5dec10c3367391ca41d8bb666e24fbf9542dfa4.exe
Token: SeCreateGlobalPrivilege           820   5dbb3051fe537edf5768c55be5dec10c3367391ca41d8bb666e24fbf9542dfa4.exe
Token: 33                                820   5dbb3051fe537edf5768c55be5dec10c3367391ca41d8bb666e24fbf9542dfa4.exe
Token: 34                                820   5dbb3051fe537edf5768c55be5dec10c3367391ca41d8bb666e24fbf9542dfa4.exe
Token: 35                                820   5dbb3051fe537edf5768c55be5dec10c3367391ca41d8bb666e24fbf9542dfa4.exe
Suspicious use of SetWindowsHookEx (1 IoCs)
Processes:
pid   process
820   5dbb3051fe537edf5768c55be5dec10c3367391ca41d8bb666e24fbf9542dfa4.exe
Processes
Network
MITRE ATT&CK Matrix ATT&CK v6
Downloads
memory/820-54-0x0000000075CB1000-0x0000000075CB3000-memory.dmp
Filesize: 8KB