Overview

overview

4

Static

static

65b9e40652...49.exe

windows7-x64

4

65b9e40652...49.exe

windows10-2004-x64

4

Analysis

  • max time kernel
    44s
  • max time network
    70s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    30-10-2022 23:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    65b9e40652cf625b40e298131ecb87211b8ba867091bd535786b675b11a55f49.exe

  • Size

    186KB

  • MD5

    836ca8dc17f8da694ea736611f2cbb10

  • SHA1

    8c6d5e929b4231ddda22635acddb44e842df9382

  • SHA256

    65b9e40652cf625b40e298131ecb87211b8ba867091bd535786b675b11a55f49

  • SHA512

    a2d09654a0631deedd110a878b4e514d6494784eb24133eba4e3e9b1f93acbcc9503d2e55222280740e063f80c548cbb7e46fc3639d27c97b48cf66630521b1e

  • SSDEEP

    3072:DDzwcnj7u7rVWikKUsOtQHS1KbF7mQM+Hbs+RoZtnsB7/bw/lYuUysQ0+YC8OHwn:DDzwcnj67bOwS1K57mQMfaoZtnywNYuS

Score
4/10

Malware Config

Signatures

  • Drops file in Program Files directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies registry class 12 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\65b9e40652cf625b40e298131ecb87211b8ba867091bd535786b675b11a55f49.exe
    "C:\Users\Admin\AppData\Local\Temp\65b9e40652cf625b40e298131ecb87211b8ba867091bd535786b675b11a55f49.exe"
    1⤵
    • Drops file in Program Files directory
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    PID:1752

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1752-54-0x0000000075931000-0x0000000075933000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1752-55-0x0000000001000000-0x0000000001058000-memory.dmp

    Filesize

    352KB

    Download

  • memory/1752-56-0x0000000001000000-0x0000000001058000-memory.dmp

    Filesize

    352KB

    Download

  • memory/1752-57-0x0000000074361000-0x0000000074363000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1752-58-0x0000000001000000-0x0000000001058000-memory.dmp

    Filesize

    352KB

    Download