Analysis
-
max time kernel
146s -
max time network
157s -
platform
windows10-2004_x64 -
resource
win10v2004-20221111-en -
resource tags
-
submitted
23-11-2022 15:26
General
-
Target
432a3c22d2235e7fe453ec76e20daa6d5e8bd308d56074b275f484a4e3a0bb21.exe
-
Size
816KB
-
MD5
339e0a490454d88c80abb342555170a6
-
SHA1
0620e7238d02ff5407e2786c1d9d0dc0e36af098
-
SHA256
432a3c22d2235e7fe453ec76e20daa6d5e8bd308d56074b275f484a4e3a0bb21
-
SHA512
a1f7c281cd920c52897908e741da15ff9675b0c2460ac4078bd9b4a44c30abe7afe375aa33aa41fcadfdb699529c3dbc65ffaa1c6f300efe3af704891205e1a1
-
SSDEEP
24576:uRmJkcoQricOIQxiZY1iaC4GP2fZqoVqD3:7JZoQrbTFZY1iaC4FfZLc
Score
5/10
Malware Config
Signatures
-
Suspicious use of SetThreadContext 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\432a3c22d2235e7fe453ec76e20daa6d5e8bd308d56074b275f484a4e3a0bb21.exe"C:\Users\Admin\AppData\Local\Temp\432a3c22d2235e7fe453ec76e20daa6d5e8bd308d56074b275f484a4e3a0bb21.exe"1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\432a3c22d2235e7fe453ec76e20daa6d5e8bd308d56074b275f484a4e3a0bb21.exe"C:\Users\Admin\AppData\Local\Temp\432a3c22d2235e7fe453ec76e20daa6d5e8bd308d56074b275f484a4e3a0bb21.exe"2⤵
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
-
Filesize
176KB
-
Filesize
176KB