Analysis
-
max time kernel
82s -
max time network
47s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
-
submitted
09-11-2022 11:39
General
-
Target
b2c28cdc4468f65e6fe2f5ef3691fa682057ed51c4347ad6b9672a9e19b5565e
-
Size
5.1MB
-
MD5
3b95df58613ef642a6a2f057b9b4c73c
-
SHA1
0005be24d1c69eec92305e7eec1ad3c594227e73
-
SHA256
b2c28cdc4468f65e6fe2f5ef3691fa682057ed51c4347ad6b9672a9e19b5565e
-
SHA512
e1b49faf9d254ea335aeede2befe907f02e235c38912cc0deb0be7e26605f9e9581974c33110c0a51f274ba33c055ffdd42a13771bc3d48b164d82bf55667063
-
SSDEEP
49152:/it3gMpeqVgFxvIzsAWMesEaeTHTd0vdL0ELrx2A0oK4818p5GtNcSgiGUHk5PkD:/YPeqVDBWMPEaUedtLbykh
Score
3/10
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Modifies registry class 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 4 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\b2c28cdc4468f65e6fe2f5ef3691fa682057ed51c4347ad6b9672a9e19b5565e1⤵
-
C:\Windows\system32\verclsid.exe"C:\Windows\system32\verclsid.exe" /S /C {0B2C9183-C9FA-4C53-AE21-C900B0C39965} /I {0C733A8A-2A1C-11CE-ADE5-00AA0044773D} /X 0x4011⤵
-
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\b2c28cdc4468f65e6fe2f5ef3691fa682057ed51c4347ad6b9672a9e19b5565e1⤵
- Modifies registry class
-
C:\Program Files\7-Zip\7zG.exe"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\AppData\Local\Temp\b2c28cdc4468f65e6fe2f5ef3691fa682057ed51c4347ad6b9672a9e19b5565e~\" -spe -an -ai#7zMap10460:200:7zEvent223821⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
8KB