Analysis
-
max time kernel
25s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
-
submitted
01-10-2022 13:08
General
-
Target
点击安装(飞机)简体中文语言包_v34.exe
-
Size
111KB
-
MD5
cefc0e9cacf1aaa6fd238739d2c73778
-
SHA1
79d801453e0985157c15667b7c5b4dccee202c01
-
SHA256
1e893be559a9628d4fc10ba009ecec9640f9b01db2162d7cf003a1ce10b247cd
-
SHA512
9107d86a951a055cf558303a95bb565d867ff05d6d92dc3fc68489758ab87e6f514370361f14763acd81ab31f3dba099c5da443189e784b8a0c5355a74c2b275
-
SSDEEP
1536:u5nBnqbxKJ38W2wUa0STkuWBzsIE9guaj6qxGfSVR1hSGYH+8VJ3uc9dlSfjgfsM:wJ3nnU1zLESz6GxVR1h6+8GUU2jisj
Score
3/10
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\点击安装(飞机)简体中文语言包_v34.exe"C:\Users\Admin\AppData\Local\Temp\点击安装(飞机)简体中文语言包_v34.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\AppData\Local\Temp\点击安装(飞机)简体中文语言包_v34.exe"C:\Users\Admin\AppData\Local\Temp\点击安装(飞机)简体中文语言包_v34.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1636-54-0x000007FEFB821000-0x000007FEFB823000-memory.dmpFilesize
8KB
-
memory/1636-55-0x0000000001F00000-0x0000000001F44000-memory.dmpFilesize
272KB
-
memory/1636-54-0x000007FEFB821000-0x000007FEFB823000-memory.dmpFilesize
8KB
-
memory/1636-55-0x0000000001F00000-0x0000000001F44000-memory.dmpFilesize
272KB