Analysis
-
max time kernel
31s -
max time network
47s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system -
submitted
23-11-2022 06:52
Static task
static1
Behavioral task
behavioral1
Sample
5009d2b2fb8147d41d75e8e12e3572fa84d2483ffd00bc657d8eeca01d809f5f.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
5009d2b2fb8147d41d75e8e12e3572fa84d2483ffd00bc657d8eeca01d809f5f.exe
Resource
win10v2004-20220901-en
General
-
Target
5009d2b2fb8147d41d75e8e12e3572fa84d2483ffd00bc657d8eeca01d809f5f.exe
-
Size
756KB
-
MD5
66087a4828b668dd3e68638d963973c3
-
SHA1
20c9cbfd52605728020aa56b01e984ee4df9a9a7
-
SHA256
5009d2b2fb8147d41d75e8e12e3572fa84d2483ffd00bc657d8eeca01d809f5f
-
SHA512
65b9cd735ed3922d670c82ad5be6d1c4e8728ec98fa17831b4e6df12df13b53349e8cd9714d9514acff7b5d1263784e0256b70dd800fe8d6325e465594a55928
-
SSDEEP
12288:ohkDgouVA2nxKkorvdRgQriDwOIxmxiZnYQE7PJcE4aToDUUgwhFrW:QRmJkcoQricOIQxiZY1iaToVhFrW
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious use of FindShellTrayWindow 4 IoCs
Processes:
5009d2b2fb8147d41d75e8e12e3572fa84d2483ffd00bc657d8eeca01d809f5f.exepid process 1960 5009d2b2fb8147d41d75e8e12e3572fa84d2483ffd00bc657d8eeca01d809f5f.exe 1960 5009d2b2fb8147d41d75e8e12e3572fa84d2483ffd00bc657d8eeca01d809f5f.exe 1960 5009d2b2fb8147d41d75e8e12e3572fa84d2483ffd00bc657d8eeca01d809f5f.exe 1960 5009d2b2fb8147d41d75e8e12e3572fa84d2483ffd00bc657d8eeca01d809f5f.exe -
Suspicious use of SendNotifyMessage 4 IoCs
Processes:
5009d2b2fb8147d41d75e8e12e3572fa84d2483ffd00bc657d8eeca01d809f5f.exepid process 1960 5009d2b2fb8147d41d75e8e12e3572fa84d2483ffd00bc657d8eeca01d809f5f.exe 1960 5009d2b2fb8147d41d75e8e12e3572fa84d2483ffd00bc657d8eeca01d809f5f.exe 1960 5009d2b2fb8147d41d75e8e12e3572fa84d2483ffd00bc657d8eeca01d809f5f.exe 1960 5009d2b2fb8147d41d75e8e12e3572fa84d2483ffd00bc657d8eeca01d809f5f.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\5009d2b2fb8147d41d75e8e12e3572fa84d2483ffd00bc657d8eeca01d809f5f.exe"C:\Users\Admin\AppData\Local\Temp\5009d2b2fb8147d41d75e8e12e3572fa84d2483ffd00bc657d8eeca01d809f5f.exe"1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1960-54-0x0000000076321000-0x0000000076323000-memory.dmpFilesize
8KB