Analysis
- max time kernel: 116s
- max time network: 140s
- platform: windows10-2004_x64
- resource: win10v2004-20220812-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 19-08-2022 08:09
Static task: static1
Behavioral task: behavioral1
Sample: 02a911e02491280762744c40977ee02bcde2df77acb2311367d4e3340a168d9f.exe
Resource: win7-20220812-en, windows7-x64
11 signatures
150 seconds
General
- Target: 02a911e02491280762744c40977ee02bcde2df77acb2311367d4e3340a168d9f.exe
- Size: 899KB
- MD5: 77e815f082224c57b60824e4a0e1bd84
- SHA1: 275ea889ecde5dddd92565b8c2e95eef639b55e8
- SHA256: 02a911e02491280762744c40977ee02bcde2df77acb2311367d4e3340a168d9f
- SHA512: ebd530738031f6391424609293d485ae54aab0f10c4ff4a8c93667581c7caabd5c40d38f24253eb8a9e0e3a8bba07a4b3edf9aa1e3313f15583628e05595e1fe
Malware Config
Signatures
- Processes: yara_rule purplefox_dropper
- Processes: yara_rule purplefox_rootkit
- Downloads MZ/PE file
- Enumerates physical storage devices (1 TTPs): Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.