Analysis

  • max time kernel
    41s
  • max time network
    46s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
  • submitted
    12/10/2022, 16:05

General

  • Target

    5eb1a18db0df2e76ba5dd1a7181988ea26e386d0066b011563af9972719c1ebb.exe

  • Size

    300KB

  • MD5

    934bab4f1ca866a3aa37d9d766f1d670

  • SHA1

    a9b9a9a9f8154ccd5f439dcc6064de183f8a07d9

  • SHA256

    5eb1a18db0df2e76ba5dd1a7181988ea26e386d0066b011563af9972719c1ebb

  • SHA512

    d75a88774b69f007500943ad91298eab4212469970ed85e407dc448166b3e60e1194271cca8aeb2dd50252103b359f5257e83ad7c87d5e86d347effb1330bd6e

  • SSDEEP

    3072:tgT4gtei54ZDvCW6NxVMZMlLSFrTw3rFOnJTBZjAKwn7G+k7fZfteE0cav1+tNVL:ST4gt0OleTw3rFmVFkuQ1cadW+

Score
7/10

Malware Config

Signatures

  • Drops startup file 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5eb1a18db0df2e76ba5dd1a7181988ea26e386d0066b011563af9972719c1ebb.exe
    "C:\Users\Admin\AppData\Local\Temp\5eb1a18db0df2e76ba5dd1a7181988ea26e386d0066b011563af9972719c1ebb.exe"
    1
    • Drops startup file
    • Suspicious use of AdjustPrivilegeToken
    PID:1960

Network

MITRE ATT&CK Enterprise v6

Downloads

  • memory/1960-54-0x0000000000290000-0x00000000002E0000-memory.dmp

    Filesize

    320KB

  • memory/1960-55-0x0000000074AB1000-0x0000000074AB3000-memory.dmp

    Filesize

    8KB