Analysis

  • max time kernel
    82s
  • max time network
    85s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
  • submitted
    06/11/2022, 18:20

General

  • Target

    Trojan-Ransom.Win32.Blocker.exe

  • Size

    230KB

  • MD5

    4a8afa06ff75365161021545efe049cd

  • SHA1

    2782013541933adf3d46b461c25cf7249a8fc1fd

  • SHA256

    9e1cf694b39c5e5e96e0a84fd7c14c73c6aef4973155484ab1b3f864f7f1a842

  • SHA512

    3c0c21c4f400cd302cadc4fc9c742b128997821eaec6855ce0ce4a82a1be76276b9e141ec11c3e5f9bc4d6965f24ff0ea424af0f173c6f9b9fe44dff1bcfb3c3

  • SSDEEP

    6144:AMukfBfjMbrHYPhVIN9ZrEZPsajHt4bGpiKBC7fICrMXuO:AMPQXVNMZPTNZOICrMXu

Score
6/10

Malware Config

Signatures

  • Adds Run key to start application (2 TTPs, 1 IoC)
  • Suspicious behavior: EnumeratesProcesses (2 IoCs)
  • Suspicious use of AdjustPrivilegeToken (5 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\Trojan-Ransom.Win32.Blocker.exe
    "C:\Users\Admin\AppData\Local\Temp\Trojan-Ransom.Win32.Blocker.exe"
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1508

Network

MITRE ATT&CK Enterprise v6


Downloads

  • memory/1508-54-0x000007FEF3410000-0x000007FEF3E33000-memory.dmp

    Filesize

    10.1MB

  • memory/1508-55-0x000007FEF2370000-0x000007FEF3406000-memory.dmp

    Filesize

    16.6MB

  • memory/1508-56-0x0000000000226000-0x0000000000245000-memory.dmp

    Filesize

    124KB

  • memory/1508-57-0x0000000000226000-0x0000000000245000-memory.dmp

    Filesize

    124KB