Overview

overview

6

Static

static

Trojan-Ran...er.exe

windows7-x64

6

Trojan-Ran...er.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    121s
  • max time network
    126s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220901-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06/11/2022, 17:17

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    Trojan-Ransom.Win32.Blocker.exe

  • Size

    121KB

  • MD5

    3de607e16f7bc29341c1dc808f8975cd

  • SHA1

    748b0d8ce4246869d7e5d1ef3999f7bbadadc9a0

  • SHA256

    c2aec1b7cc75e60fa1d9306ed7e17925ac54df141f96b51f29a2fcdf592d198a

  • SHA512

    4ab635b454dbf52335b0ea993261f1988b9e2a44cbef09c2034852997df5ee16cd742707293da4cba65c64c36b1ca37ea504312c6799f058baea2e9720a48709

  • SSDEEP

    3072:SEPMEvpWuZLcMfFgRDc8RDYwubBL/5wUhZBIMhk:SLERWfcFURgLeUhZBI

Score
6/10
persistence

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops desktop.ini file(s) 2 IoCs
  • Drops file in Windows directory 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 13 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Trojan-Ransom.Win32.Blocker.exe
    "C:\Users\Admin\AppData\Local\Temp\Trojan-Ransom.Win32.Blocker.exe"
    1⤵
    • Adds Run key to start application
    • Drops desktop.ini file(s)
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2672

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/2672-132-0x00007FF8F7790000-0x00007FF8F81C6000-memory.dmp

          Filesize

          10.2MB

          Download

        • memory/2672-133-0x000000000119A000-0x000000000119F000-memory.dmp

          Filesize

          20KB

          Download

        • memory/2672-134-0x0000000020030000-0x0000000020130000-memory.dmp

          Filesize

          1024KB

          Download

        • memory/2672-135-0x000000000119A000-0x000000000119F000-memory.dmp

          Filesize

          20KB

          Download

        • memory/2672-136-0x0000000020030000-0x0000000020130000-memory.dmp

          Filesize

          1024KB

          Download