Analysis
-
max time kernel
98s -
max time network
164s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20220812-en locale:en-us os:windows10-2004-x64 system -
submitted
11-10-2022 23:58
Static task
static1
Behavioral task
behavioral1
Sample
3d1898e04aafa6fee645041f5fef6ae7212e589e97bbb846254b6e41a0ba5586.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
3d1898e04aafa6fee645041f5fef6ae7212e589e97bbb846254b6e41a0ba5586.exe
Resource
win10v2004-20220812-en
General
-
Target
3d1898e04aafa6fee645041f5fef6ae7212e589e97bbb846254b6e41a0ba5586.exe
-
Size
72KB
-
MD5
631b87259d051093a86883585b6b206c
-
SHA1
98b56d9b36e69a81e4f33e4457334b18a08630cf
-
SHA256
3d1898e04aafa6fee645041f5fef6ae7212e589e97bbb846254b6e41a0ba5586
-
SHA512
07777ae9953e2c03f5099c78d9ff85452ae11a39b75113a168ec5a3e7bfbc189450cd637519a7911bc02e532db6cfd1ec4dc6e8e22ca7a44b3b6c4269a5c4942
-
SSDEEP
1536:E51ch6fML2uxSY+A37feaCMJDmYsLIb4PvYqHB/AdGT:E51eKMauxSDADeak7dJHB/AdGT
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
pid Process
4932 3d1898e04aafa6fee645041f5fef6ae7212e589e97bbb846254b6e41a0ba5586.exe
4932 3d1898e04aafa6fee645041f5fef6ae7212e589e97bbb846254b6e41a0ba5586.exe
-
Suspicious use of SetWindowsHookEx 1 IoCs
pid Process
4932 3d1898e04aafa6fee645041f5fef6ae7212e589e97bbb846254b6e41a0ba5586.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\3d1898e04aafa6fee645041f5fef6ae7212e589e97bbb846254b6e41a0ba5586.exe "C:\Users\Admin\AppData\Local\Temp\3d1898e04aafa6fee645041f5fef6ae7212e589e97bbb846254b6e41a0ba5586.exe"
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:4932