Analysis
-
max time kernel
177s -
max time network
185s -
platform
windows10-2004_x64 -
resource
win10v2004-20221111-en -
resource tags
-
submitted
23/11/2022, 18:37
General
-
Target
12589c822bd96fe55319df6c84904ddb3bd12d41ace5122d1676a47455816f1f.exe
-
Size
1.1MB
-
MD5
3528d9ced53167c7ccebd341317003bd
-
SHA1
661a09db9e54cbddd8fe975f744198fe10fabec2
-
SHA256
12589c822bd96fe55319df6c84904ddb3bd12d41ace5122d1676a47455816f1f
-
SHA512
b12ab84b2e97ed6fcb1ec00b72e724261ad87eb7e5f231774e3b9e454e63e904d1f3a9ed56ae22949f5be8eb1e20e26bc8372f3cecaa87a8b90685c7595a4b7a
-
SSDEEP
24576:QaHMv6Corjqny/Qq7sh01NNbPq6rcvLPdGWl:Q1vqjd/Qq7shYdyLPdB
Score
4/10
Malware Config
Signatures
-
Launches sc.exe 2 IoCs
Sc.exe is a Windows utlilty to control services on the system.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of FindShellTrayWindow 3 IoCs
-
Suspicious use of SendNotifyMessage 3 IoCs
-
Suspicious use of WriteProcessMemory 6 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\12589c822bd96fe55319df6c84904ddb3bd12d41ace5122d1676a47455816f1f.exe"C:\Users\Admin\AppData\Local\Temp\12589c822bd96fe55319df6c84904ddb3bd12d41ace5122d1676a47455816f1f.exe"1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\sc.exesc start osppsvc2⤵
- Launches sc.exe
-
-
C:\Windows\SysWOW64\sc.exesc query osppsvc2⤵
- Launches sc.exe
-