Analysis
-
max time kernel
131s -
max time network
143s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
-
submitted
06/11/2022, 14:29
General
-
Target
Trojan-Ransom.Win32.Blocker.exe
-
Size
124KB
-
MD5
38dd72b242538462324d3bc18e0b4778
-
SHA1
7e8c8bd919ee479606c36882d48c4a74d19614c4
-
SHA256
116da4358543fb75e6ca4efaee18a9b18af2bd0496528e2805c318694d79d62f
-
SHA512
1bce406d15ddbe9fed53af456ea0e21755f0ddea825d0a5c5c0c108ab8b00de74eaab39cacb7eb4bea5b2393b4ff9d8a5503cb1efd9a9eafe10c3f3af8df1afe
-
SSDEEP
3072:s+ELu8G993lZ78isw15Cp0hR7ShUeNXxhbO3:s+jVj8isw1op0hR7ShUr
Score
10/10
Malware Config
Signatures
-
UAC bypass 3 TTPs 1 IoCs
-
Windows security bypass 2 TTPs 1 IoCs
-
Windows security modification 2 TTPs 1 IoCs
-
Checks whether UAC is enabled 1 TTPs 1 IoCs
-
Drops file in System32 directory 1 IoCs
-
Modifies registry class 3 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of SetWindowsHookEx 4 IoCs
-
System policy modification 1 TTPs 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\Trojan-Ransom.Win32.Blocker.exe"C:\Users\Admin\AppData\Local\Temp\Trojan-Ransom.Win32.Blocker.exe"1⤵
- UAC bypass
- Windows security bypass
- Windows security modification
- Checks whether UAC is enabled
- Drops file in System32 directory
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- System policy modification
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
8KB