6270fc40abc62bce9c80fa7954547c04229d2cfd885ef1b319f14ab3aca0b6cb

Analysis

max time kernel
157s
max time network
37s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
21-11-2022 12:06

Target

4cae449450c07b7aa74314173c7b00d409eabfe22b86859f3b3acedd66010458.exe
Size

156KB
MD5

fcd21c6fca3b9378961aa1865bee7ecb
SHA1

0abaa05da2a05977e0baf68838cff1712f1789e0
SHA256

4cae449450c07b7aa74314173c7b00d409eabfe22b86859f3b3acedd66010458
SHA512

e39c1f965f6faeaa33dfec6eba23fbfff14b287f4777797ea79480bb037d6d806516bda7046315e051961fce12e935ac546819c1e0bef5c33568d68955a9792a
SSDEEP

1536:7ZLTzASUIG0TOOYTufIaSWvRYkekdvizSBXxNe9VPw6s6aUCT7Q7qn:OBI9HYyfNBdviGBBQsrhPk4

Score

8^/10

ransomware

Modifies extensions of user files 8 IoCs

Ransomware generally changes the extension on encrypted files.

Processes:

4cae449450c07b7aa74314173c7b00d409eabfe22b86859f3b3acedd66010458.exe

description	ioc	process
File renamed	C:\Users\Admin\Pictures\FormatStop.tiff => C:\Users\Admin\Pictures\FormatStop.tiff.txd0t	4cae449450c07b7aa74314173c7b00d409eabfe22b86859f3b3acedd66010458.exe
File renamed	C:\Users\Admin\Pictures\RenameMeasure.crw => C:\Users\Admin\Pictures\RenameMeasure.crw.txd0t	4cae449450c07b7aa74314173c7b00d409eabfe22b86859f3b3acedd66010458.exe
File renamed	C:\Users\Admin\Pictures\UseEnter.crw => C:\Users\Admin\Pictures\UseEnter.crw.txd0t	4cae449450c07b7aa74314173c7b00d409eabfe22b86859f3b3acedd66010458.exe
File opened for modification	C:\Users\Admin\Pictures\CloseEnter.tiff	4cae449450c07b7aa74314173c7b00d409eabfe22b86859f3b3acedd66010458.exe
File renamed	C:\Users\Admin\Pictures\CloseEnter.tiff => C:\Users\Admin\Pictures\CloseEnter.tiff.txd0t	4cae449450c07b7aa74314173c7b00d409eabfe22b86859f3b3acedd66010458.exe
File renamed	C:\Users\Admin\Pictures\ConfirmRevoke.tif => C:\Users\Admin\Pictures\ConfirmRevoke.tif.txd0t	4cae449450c07b7aa74314173c7b00d409eabfe22b86859f3b3acedd66010458.exe
File opened for modification	C:\Users\Admin\Pictures\FormatStop.tiff	4cae449450c07b7aa74314173c7b00d409eabfe22b86859f3b3acedd66010458.exe
File renamed	C:\Users\Admin\Pictures\ExitTrace.png => C:\Users\Admin\Pictures\ExitTrace.png.txd0t	4cae449450c07b7aa74314173c7b00d409eabfe22b86859f3b3acedd66010458.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

Processes:

4cae449450c07b7aa74314173c7b00d409eabfe22b86859f3b3acedd66010458.exe

pid	process
832	4cae449450c07b7aa74314173c7b00d409eabfe22b86859f3b3acedd66010458.exe
832	4cae449450c07b7aa74314173c7b00d409eabfe22b86859f3b3acedd66010458.exe
832	4cae449450c07b7aa74314173c7b00d409eabfe22b86859f3b3acedd66010458.exe
832	4cae449450c07b7aa74314173c7b00d409eabfe22b86859f3b3acedd66010458.exe
832	4cae449450c07b7aa74314173c7b00d409eabfe22b86859f3b3acedd66010458.exe
832	4cae449450c07b7aa74314173c7b00d409eabfe22b86859f3b3acedd66010458.exe
832	4cae449450c07b7aa74314173c7b00d409eabfe22b86859f3b3acedd66010458.exe
832	4cae449450c07b7aa74314173c7b00d409eabfe22b86859f3b3acedd66010458.exe
832	4cae449450c07b7aa74314173c7b00d409eabfe22b86859f3b3acedd66010458.exe
832	4cae449450c07b7aa74314173c7b00d409eabfe22b86859f3b3acedd66010458.exe
832	4cae449450c07b7aa74314173c7b00d409eabfe22b86859f3b3acedd66010458.exe
832	4cae449450c07b7aa74314173c7b00d409eabfe22b86859f3b3acedd66010458.exe
832	4cae449450c07b7aa74314173c7b00d409eabfe22b86859f3b3acedd66010458.exe
832	4cae449450c07b7aa74314173c7b00d409eabfe22b86859f3b3acedd66010458.exe

memory/832-54-0x0000000075831000-0x0000000075833000-memory.dmp

Filesize
8KB

Download