Analysis
max time kernel: 148s
max time network: 45s
platform: windows7_x64
resource: win7-20220812-en
resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
submitted: 08/10/2022, 10:07
Static task
static1
Behavioral task
behavioral1
Sample
招标采购文件.exe
Resource
win7-20220812-en
4 signatures
150 seconds
Behavioral task
behavioral2
Sample
招标采购文件.exe
Resource
win10v2004-20220901-en
6 signatures
150 seconds
General
Target: 招标采购文件.exe
Size: 7.0MB
MD5: fd41c25355388f93354ee14d3bf55b45
SHA1: 60340e1c18329f7ae6f7b3fc1daa5dff4797384a
SHA256: 48746207afbe5f22621aba776d9255585f41d5edd0e5ab9ab64fa7c12af77124
SHA512: 5c3cf824e536f158f057314e89cee04b110e3822114915df45e5daab5c5eb2c342d2e2723dfe1caace58f774a67b3d81aaecc6938fa011c5fa4beb3677c521e4
SSDEEP: 196608:9NozTqcw3XKyb4O7NADtV6v+JjZ1lzNo8KWLScn2m6WHX8d:0+7MZz9T2uHX8d
Score: 3/10
Malware Config
Signatures
Enumerates physical storage devices (1 TTPs)
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
Modifies registry class (15 IoCs)
description | ioc | Process
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\DocApp.Document\AppUserModelID = "DocApp.AppID.NoVersion" | 招标采购文件.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\DocApp.Document\shell\printto\command | 招标采购文件.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\DocApp.Document\shell\printto | 招标采购文件.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\DocApp.Document | 招标采购文件.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\DocApp.Document\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\??????.exe,0" | 招标采购文件.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\DocApp.Document\shell\print\command | 招标采购文件.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\DocApp.Document\shell\print | 招标采购文件.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\DocApp.Document\shell\print\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\??????.exe /p \"%1\"" | 招标采购文件.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\DocApp.Document\shell\printto\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\??????.exe /pt \"%1\" \"%2\" \"%3\" \"%4\"" | 招标采购文件.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\DocApp.Document\ = "DocApp.Document" | 招标采购文件.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\DocApp.Document\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\??????.exe \"%1\"" | 招标采购文件.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\DocApp.Document\shell | 招标采购文件.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\DocApp.Document\shell\open\command | 招标采购文件.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\DocApp.Document\shell\open | 招标采购文件.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\DocApp.Document\DefaultIcon | 招标采购文件.exe
Suspicious behavior: EnumeratesProcesses (64 IoCs)
pid | Process
1964 | 招标采购文件.exe (64 identical entries)
Suspicious use of SetWindowsHookEx (3 IoCs)
pid | Process
1964 | 招标采购文件.exe (3 identical entries)