Analysis
-
max time kernel
42s -
max time network
48s -
platform
windows7_x64 -
resource
win7-20220901-en -
resource tags
-
submitted
30-10-2022 06:25
General
-
Target
19efeb9c5a1089a41610cd3cb11ef28fed2e89ad39a5cb391d5ff534741b17cc.exe
-
Size
1.2MB
-
MD5
a27cac37dcd72f1736acf681847662f5
-
SHA1
944c807db3868dd9efbd57e92b58207e1c53bd84
-
SHA256
19efeb9c5a1089a41610cd3cb11ef28fed2e89ad39a5cb391d5ff534741b17cc
-
SHA512
5055cc3899855823c6437c085c4698d8179e1e7c6e332f10fccfdcf5e605fe3b7faa6073b9e9218bfd80e3e77a41d469cba7c5a4c3b0af94e66ade6d3549056a
-
SSDEEP
24576:9MmnDC+rPnAveavusQoiFMJA9u/1olqXefho2Scl7TjFk:9jDCiofupzFMJHNAhLl7Tjy
Score
8/10
Malware Config
Signatures
-
UPX packed file 1 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
AutoIT Executable 1 IoCs
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\19efeb9c5a1089a41610cd3cb11ef28fed2e89ad39a5cb391d5ff534741b17cc.exe"C:\Users\Admin\AppData\Local\Temp\19efeb9c5a1089a41610cd3cb11ef28fed2e89ad39a5cb391d5ff534741b17cc.exe"1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\19efeb9c5a1089a41610cd3cb11ef28fed2e89ad39a5cb391d5ff534741b17cc.exe"C:\Users\Admin\AppData\Local\Temp\19efeb9c5a1089a41610cd3cb11ef28fed2e89ad39a5cb391d5ff534741b17cc.exe"2⤵
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
8KB
-
Filesize
804KB