Overview

overview

5

Static

static

sample.exe

windows10-1703-x64

5

Resubmissions

28/08/2022, 23:26

220828-3e8ymagabq 5

10/06/2021, 11:42

210610-j9y37a6cma 5

10/06/2021, 11:31

210610-k9s461t52a 5

Analysis

  • max time kernel
    145s
  • max time network
    147s
  • platform
    windows10-1703_x64
  • resource
    win10-20220812-en
  • resource tags

    arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
  • submitted
    28/08/2022, 23:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    sample.exe

  • Size

    2.3MB

  • MD5

    84ffb87cc91d697db2f5685df68de7af

  • SHA1

    4f0360d60b685ed6059d32aef24c6b3cbbd46e9e

  • SHA256

    10bba07a1965c61a2ec05b46331e3eeda3d7bdeb8074c86009dc11f2564048fa

  • SHA512

    c6b178f37b2318b4eeaf1e151cac70a10b0be8eeb0e8153bd324a66314a33dca27e43254518a4b2db2ed5cab31ff836e0fa84e2a8112b67772409d77f39d5e9f

  • SSDEEP

    24576:FKVGZaevvyK4tN8BEY1ajFO+y/i5TKE3QXq1WYpqKoBo:FKVKaevvyJNaajFei5emdWYpqKoBo

Score
5/10
ransomware

Malware Config

Signatures

  • Drops autorun.inf file 1 TTPs 2 IoCs

    Malware can abuse Windows Autorun to spread further via attached volumes.

  • Sets desktop wallpaper using registry 2 TTPs 1 IoCs
    ransomware
  • Drops file in Windows directory 2 IoCs
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies Control Panel 2 IoCs
    evasion
  • Suspicious behavior: EnumeratesProcesses 41 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of FindShellTrayWindow 52 IoCs
  • Suspicious use of SendNotifyMessage 52 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\sample.exe
    "C:\Users\Admin\AppData\Local\Temp\sample.exe"
    1⤵
    • Drops autorun.inf file
    • Sets desktop wallpaper using registry
    • Modifies Control Panel
    PID:4384
  • C:\Windows\system32\taskmgr.exe
    "C:\Windows\system32\taskmgr.exe" /4
    1⤵
    • Drops file in Windows directory
    • Checks SCSI registry key(s)
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:4716

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4384-118-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4384-119-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4384-120-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4384-121-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4384-122-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4384-123-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4384-124-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4384-125-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4384-126-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4384-127-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4384-128-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4384-129-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4384-130-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4384-131-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4384-132-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4384-133-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4384-135-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4384-134-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4384-136-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4384-138-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4384-137-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4384-139-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4384-140-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4384-141-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4384-142-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4384-143-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4384-144-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4384-145-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4384-146-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4384-147-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4384-148-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4384-149-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4384-150-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4384-151-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4384-153-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4384-154-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4384-155-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4384-156-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4384-158-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4384-159-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4384-160-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4384-157-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4384-152-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4384-162-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4384-164-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4384-166-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4384-168-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4384-169-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4384-170-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4384-172-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4384-171-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4384-167-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4384-165-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4384-163-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4384-161-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4384-173-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download