Analysis
- max time kernel: 151s
- max time network: 49s
- platform: windows7_x64
- resource: win7-20220812-en
- resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
- submitted: 03-10-2022 16:08
Behavioral task
- behavioral1
- Sample: d7007466cf5f00ddd00d8eef8147bedd4372b83066f38213c9428bb96b06001a.exe
- Resource: win7-20220812-en
- 4 signatures
- 150 seconds
General
- Target: d7007466cf5f00ddd00d8eef8147bedd4372b83066f38213c9428bb96b06001a.exe
- Size: 658KB
- MD5: 64597e4e804cb1e9316931ec4d7749c0
- SHA1: 2435b3976f16baef4e40f10f3a22c1d709016c06
- SHA256: d7007466cf5f00ddd00d8eef8147bedd4372b83066f38213c9428bb96b06001a
- SHA512: da2b73fef275415ac4d10577b61106e18fbf4810ed5e41902c0cc1e9bb989f2fd256f0ba0d2f1a4cadc537298763d101a2d73891103e1e4b5fce14df028ceaca
- SSDEEP: 12288:q9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/hN:mZ1xuVVjfFoynPaVBUR8f+kN10EBD
Malware Config
Signatures
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
- Suspicious use of AdjustPrivilegeToken (23 IoCs)
  Processes:
  description                           pid   process
  Token: SeIncreaseQuotaPrivilege       1016  d7007466cf5f00ddd00d8eef8147bedd4372b83066f38213c9428bb96b06001a.exe
  Token: SeSecurityPrivilege            1016  d7007466cf5f00ddd00d8eef8147bedd4372b83066f38213c9428bb96b06001a.exe
  Token: SeTakeOwnershipPrivilege       1016  d7007466cf5f00ddd00d8eef8147bedd4372b83066f38213c9428bb96b06001a.exe
  Token: SeLoadDriverPrivilege          1016  d7007466cf5f00ddd00d8eef8147bedd4372b83066f38213c9428bb96b06001a.exe
  Token: SeSystemProfilePrivilege       1016  d7007466cf5f00ddd00d8eef8147bedd4372b83066f38213c9428bb96b06001a.exe
  Token: SeSystemtimePrivilege          1016  d7007466cf5f00ddd00d8eef8147bedd4372b83066f38213c9428bb96b06001a.exe
  Token: SeProfSingleProcessPrivilege   1016  d7007466cf5f00ddd00d8eef8147bedd4372b83066f38213c9428bb96b06001a.exe
  Token: SeIncBasePriorityPrivilege     1016  d7007466cf5f00ddd00d8eef8147bedd4372b83066f38213c9428bb96b06001a.exe
  Token: SeCreatePagefilePrivilege      1016  d7007466cf5f00ddd00d8eef8147bedd4372b83066f38213c9428bb96b06001a.exe
  Token: SeBackupPrivilege              1016  d7007466cf5f00ddd00d8eef8147bedd4372b83066f38213c9428bb96b06001a.exe
  Token: SeRestorePrivilege             1016  d7007466cf5f00ddd00d8eef8147bedd4372b83066f38213c9428bb96b06001a.exe
  Token: SeShutdownPrivilege            1016  d7007466cf5f00ddd00d8eef8147bedd4372b83066f38213c9428bb96b06001a.exe
  Token: SeDebugPrivilege               1016  d7007466cf5f00ddd00d8eef8147bedd4372b83066f38213c9428bb96b06001a.exe
  Token: SeSystemEnvironmentPrivilege   1016  d7007466cf5f00ddd00d8eef8147bedd4372b83066f38213c9428bb96b06001a.exe
  Token: SeChangeNotifyPrivilege        1016  d7007466cf5f00ddd00d8eef8147bedd4372b83066f38213c9428bb96b06001a.exe
  Token: SeRemoteShutdownPrivilege      1016  d7007466cf5f00ddd00d8eef8147bedd4372b83066f38213c9428bb96b06001a.exe
  Token: SeUndockPrivilege              1016  d7007466cf5f00ddd00d8eef8147bedd4372b83066f38213c9428bb96b06001a.exe
  Token: SeManageVolumePrivilege        1016  d7007466cf5f00ddd00d8eef8147bedd4372b83066f38213c9428bb96b06001a.exe
  Token: SeImpersonatePrivilege         1016  d7007466cf5f00ddd00d8eef8147bedd4372b83066f38213c9428bb96b06001a.exe
  Token: SeCreateGlobalPrivilege        1016  d7007466cf5f00ddd00d8eef8147bedd4372b83066f38213c9428bb96b06001a.exe
  Token: 33                             1016  d7007466cf5f00ddd00d8eef8147bedd4372b83066f38213c9428bb96b06001a.exe
  Token: 34                             1016  d7007466cf5f00ddd00d8eef8147bedd4372b83066f38213c9428bb96b06001a.exe
  Token: 35                             1016  d7007466cf5f00ddd00d8eef8147bedd4372b83066f38213c9428bb96b06001a.exe
- Suspicious use of SetWindowsHookEx (1 IoCs)
  Processes:
  pid   process
  1016  d7007466cf5f00ddd00d8eef8147bedd4372b83066f38213c9428bb96b06001a.exe
Processes
- Process 1: C:\Users\Admin\AppData\Local\Temp\d7007466cf5f00ddd00d8eef8147bedd4372b83066f38213c9428bb96b06001a.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\d7007466cf5f00ddd00d8eef8147bedd4372b83066f38213c9428bb96b06001a.exe"
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix ATT&CK v6
Downloads
- memory/1016-54-0x00000000756B1000-0x00000000756B3000-memory.dmp
  Filesize: 8KB