Overview

overview

7

Static

static

b114e2770b...e9.exe

windows7-x64

3

b114e2770b...e9.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    42s
  • max time network
    41s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    19-09-2022 07:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b114e2770bde0b186ad373d02811147675c8150a7c71da7fd4d5ba62670da8e9.exe

  • Size

    40KB

  • MD5

    c9de3f2c08b4694003969bb81115bbeb

  • SHA1

    34e5309088ea1ddd2d672ef3680db42f34205e93

  • SHA256

    b114e2770bde0b186ad373d02811147675c8150a7c71da7fd4d5ba62670da8e9

  • SHA512

    3f7aae2357b371e422bccfd547a068e72c77b287e0d4e00ee14e18cd64d4f85ea8f097f05aa845ebb1f19f4c25fd2e74b21976e5b10e031bda135624cf09ad4a

  • SSDEEP

    768:vCyCz4qgjgROK73CXX9n0+Dc29Q84fd41jrM5Hguqnm/cVi5:qlhJzktn0+vslCjoGi5

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b114e2770bde0b186ad373d02811147675c8150a7c71da7fd4d5ba62670da8e9.exe
    "C:\Users\Admin\AppData\Local\Temp\b114e2770bde0b186ad373d02811147675c8150a7c71da7fd4d5ba62670da8e9.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:1976
  • C:\Windows\SysWOW64\DllHost.exe
    C:\Windows\SysWOW64\DllHost.exe /Processid:{76D0CB12-7604-4048-B83C-1005C7DDC503}
    1⤵
    • Suspicious use of FindShellTrayWindow
    PID:1200

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\Blue hills.jpg
    Filesize

    27KB

    MD5

    6fb2a38dc107eacb41cf1656e899cf70

    SHA1

    4eee44b18576e84de7b163142b537d2fe6231845

    SHA256

    62e85a0f3a4cbc01b6d3390d63de0f7d051e1e723aeb071416a38799c50738ea

    SHA512

    939f4a7f03996833d54a36f608949a579a7e6c37f5a477694287158fae1403bce8b5b57603ac45f8caf683129f918093e5663703c05d44e78e9e3606a0d683fb

    Download Submit

  • memory/1976-56-0x00000000762B1000-0x00000000762B3000-memory.dmp

    Filesize

    8KB

    Download