Analysis

  • max time kernel
    98s
  • max time network
    164s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11-10-2022 23:58

General

  • Target

    3d1898e04aafa6fee645041f5fef6ae7212e589e97bbb846254b6e41a0ba5586.exe

  • Size

    72KB

  • MD5

    631b87259d051093a86883585b6b206c

  • SHA1

    98b56d9b36e69a81e4f33e4457334b18a08630cf

  • SHA256

    3d1898e04aafa6fee645041f5fef6ae7212e589e97bbb846254b6e41a0ba5586

  • SHA512

    07777ae9953e2c03f5099c78d9ff85452ae11a39b75113a168ec5a3e7bfbc189450cd637519a7911bc02e532db6cfd1ec4dc6e8e22ca7a44b3b6c4269a5c4942

  • SSDEEP

    1536:E51ch6fML2uxSY+A37feaCMJDmYsLIb4PvYqHB/AdGT:E51eKMauxSDADeak7dJHB/AdGT

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3d1898e04aafa6fee645041f5fef6ae7212e589e97bbb846254b6e41a0ba5586.exe
    "C:\Users\Admin\AppData\Local\Temp\3d1898e04aafa6fee645041f5fef6ae7212e589e97bbb846254b6e41a0ba5586.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    PID:4932

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4932-132-0x0000000000400000-0x0000000000412000-memory.dmp

    Filesize

    72KB

  • memory/4932-133-0x0000000000400000-0x0000000000412000-memory.dmp

    Filesize

    72KB