Analysis
-
max time kernel
41s -
max time network
44s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
-
submitted
15-10-2022 22:19
General
-
Target
186f94743c27032ff7401153a52116b4bbbf87c958dd0e2da1c0c111671c0563.exe
-
Size
158KB
-
MD5
cf3e3272a2596bfcf7500a96c5a053b4
-
SHA1
21906922bfcef5d6ab8092514dd77750be48f82f
-
SHA256
186f94743c27032ff7401153a52116b4bbbf87c958dd0e2da1c0c111671c0563
-
SHA512
10ddf33e42a27d6b747e029d86e17a93a7c07628c9a1e7659e5182c705b7535d6263b609775e58101eb1b2363cdf6777d92fda3ae846fd071c7c91e956317061
-
SSDEEP
3072:i8hU/cx2vUNy8Evl9qv7q8+xBv1Qk9nKR1KAZWv3BbPYxwWIiheaAhby/frnX0N:iYscWqv7LqLn3Ai1YxwWvhe/hbqX0
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Delays execution with timeout.exe 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of WriteProcessMemory 8 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\186f94743c27032ff7401153a52116b4bbbf87c958dd0e2da1c0c111671c0563.exe"C:\Users\Admin\AppData\Local\Temp\186f94743c27032ff7401153a52116b4bbbf87c958dd0e2da1c0c111671c0563.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /C timeout 5 & del "C:\Users\Admin\AppData\Local\Temp\186f94743c27032ff7401153a52116b4bbbf87c958dd0e2da1c0c111671c0563.exe"2⤵
- Deletes itself
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\timeout.exetimeout 53⤵
- Delays execution with timeout.exe
-
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
8KB
-
Filesize
5.7MB