Analysis
-
max time kernel
91s -
max time network
127s -
platform
windows10-2004_x64 -
resource
win10v2004-20220901-en -
resource tags
-
submitted
24-11-2022 23:23
General
-
Target
7b7c288ca4735bd9056751ec9a307899ebe864418446fd23396666297cee3dd7.exe
-
Size
104KB
-
MD5
28a7d4e2b5f033f4f33791f32c6e9fad
-
SHA1
c14648e59b09f70800e94b715a82a0a1c9022973
-
SHA256
7b7c288ca4735bd9056751ec9a307899ebe864418446fd23396666297cee3dd7
-
SHA512
a6ca99a32132ce326131f22176b8aba0a2c2a2801c3db301c64a5f6ec1f4f456a4d2cdd89b7c0bc4b4c96ca9c313c15777f6aed12d719f1482c0009e7c5960fd
-
SSDEEP
1536:hS06taZRfWxSdh3Hm/ukxj6CB4Y/2ugu39o4loYFusUuoub5IgRefP:n6taqxq3H326CB3NoRsUuo45fg
Score
3/10
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Checks processor information in registry 2 TTPs 3 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 2 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of WriteProcessMemory 2 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\7b7c288ca4735bd9056751ec9a307899ebe864418446fd23396666297cee3dd7.exe"C:\Users\Admin\AppData\Local\Temp\7b7c288ca4735bd9056751ec9a307899ebe864418446fd23396666297cee3dd7.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7402⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/812-133-0x0000000000000000-mapping.dmp
-
memory/4876-132-0x00007FF85F9E0000-0x00007FF860416000-memory.dmpFilesize
10.2MB