Analysis
max time kernel: 51s
max time network: 53s
platform: windows7_x64
resource: win7-20220901-en
resource tags: arch:x64, arch:x86, image:win7-20220901-en, locale:en-us, os:windows7-x64, system
submitted: 24-11-2022 00:06
Static task: static1
Behavioral task: behavioral1
Sample: 3bb7c68fe66fe431c4a3d486bebbca02671c29b84e26082e57a0e8c42c5cfe04.exe
Resource: win7-20220901-en
Behavioral task: behavioral2
Sample: 3bb7c68fe66fe431c4a3d486bebbca02671c29b84e26082e57a0e8c42c5cfe04.exe
Resource: win10v2004-20221111-en
General
Target: 3bb7c68fe66fe431c4a3d486bebbca02671c29b84e26082e57a0e8c42c5cfe04.exe
Size: 4.3MB
MD5: a29943d2515adcedf85d78fc0e48a258
SHA1: 04dba4447469d17283a6c70bc8a20656b2d735f1
SHA256: 3bb7c68fe66fe431c4a3d486bebbca02671c29b84e26082e57a0e8c42c5cfe04
SHA512: 209c5d3586fb18ce0e0ac8b419cad1e47ef3adf86da562e9894c98602c2045e87158f0944c54c35074062587de98912f5144a6b706ff71dc1cd5109a334a7787
SSDEEP: 98304:o9MpHhvYzprr/vBHijXUMgBZwcU9hbkBjL2mGTO2+72AeqL//H8:9pHh2nnQpgBZwv9xSky2+77/H8
Malware Config
Signatures
Enumerates physical storage devices (1 TTP)
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
Suspicious behavior: EnumeratesProcesses (1 IoC)
Processes:
  pid 1140  process 3bb7c68fe66fe431c4a3d486bebbca02671c29b84e26082e57a0e8c42c5cfe04.exe
Suspicious use of AdjustPrivilegeToken (1 IoC)
Processes:
  description Token: SeDebugPrivilege  pid 1140  process 3bb7c68fe66fe431c4a3d486bebbca02671c29b84e26082e57a0e8c42c5cfe04.exe
Processes
C:\Users\Admin\AppData\Local\Temp\3bb7c68fe66fe431c4a3d486bebbca02671c29b84e26082e57a0e8c42c5cfe04.exe
Command line: "C:\Users\Admin\AppData\Local\Temp\3bb7c68fe66fe431c4a3d486bebbca02671c29b84e26082e57a0e8c42c5cfe04.exe"
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix ATT&CK v6
Downloads
memory/1140-54-0x0000000075091000-0x0000000075093000-memory.dmp (Filesize: 8KB)
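The following helper is an added example and is not part of the sandbox report or its tooling. It does two things a reader of this page needs before trusting it: it confirms that a locally held file is the sample described in the General section (all four listed digests must match, since a partial match means a mangled IOC list), and it decodes the memory dump name from the Downloads section into pid, dump index and address range. The pid-index-start-end reading of the dump name is an assumption inferred from the report itself: 1140 is the pid of the analysed process, and 0x75093000 - 0x75091000 = 0x2000 = 8KB agrees with the listed Filesize. The bytes passed in the usage lines are constructed stand-ins, because the real sample is not part of this page.

```python
import hashlib
import re
from dataclasses import dataclass
from pathlib import Path

# Hash IoCs copied from the General section of the report.
REPORT_HASHES = {
    "md5": "a29943d2515adcedf85d78fc0e48a258",
    "sha1": "04dba4447469d17283a6c70bc8a20656b2d735f1",
    "sha256": "3bb7c68fe66fe431c4a3d486bebbca02671c29b84e26082e57a0e8c42c5cfe04",
    "sha512": "209c5d3586fb18ce0e0ac8b419cad1e47ef3adf86da562e9894c98602c2045e87158f0944c54c35074062587de98912f5144a6b706ff71dc1cd5109a334a7787",
}

# Assumed layout: memory/<pid>-<index>-0x<start>-0x<end>-memory.dmp
# (inferred from the report: pid 1140 is the analysed process and
# end - start = 0x2000 = 8KB matches the listed Filesize).
_DUMP_RE = re.compile(
    r"^memory/(?P<pid>\d+)-(?P<index>\d+)-0x(?P<start>[0-9a-fA-F]+)"
    r"-0x(?P<end>[0-9a-fA-F]+)-memory\.dmp$"
)


@dataclass(frozen=True)
class DumpRegion:
    pid: int
    index: int
    start: int
    end: int

    @property
    def size(self) -> int:
        return self.end - self.start


def parse_dump_name(name: str) -> DumpRegion:
    """Decode a sandbox memory dump name into the region it covers."""
    m = _DUMP_RE.match(name)
    if not m:
        raise ValueError(f"unrecognised dump name: {name!r}")
    region = DumpRegion(int(m["pid"]), int(m["index"]),
                        int(m["start"], 16), int(m["end"], 16))
    # Dumps cover whole pages; a non page-sized or inverted range means the
    # name was mangled (for example by copy-paste), so refuse it.
    if region.end <= region.start or region.size % 0x1000:
        raise ValueError(f"implausible region in {name!r}: {region}")
    return region


def hash_bytes(data: bytes) -> dict:
    """Compute the four digests the report lists in one pass over the data."""
    hashers = {alg: hashlib.new(alg) for alg in ("md5", "sha1", "sha256", "sha512")}
    for h in hashers.values():
        h.update(data)
    return {alg: h.hexdigest() for alg, h in hashers.items()}


def compare_hashes(data: bytes, expected: dict = REPORT_HASHES) -> dict:
    """Per-algorithm match result against the report's IoCs."""
    actual = hash_bytes(data)
    return {alg: actual[alg] == expected[alg].lower() for alg in expected}


def is_report_sample(data: bytes, expected: dict = REPORT_HASHES) -> bool:
    """True only if every listed digest matches; anything less is not the sample."""
    return all(compare_hashes(data, expected).values())


def check_file(path: str) -> tuple:
    """Convenience wrapper for a file on disk: (all_match, per_algorithm)."""
    data = Path(path).read_bytes()
    return is_report_sample(data), compare_hashes(data)


if __name__ == "__main__":
    region = parse_dump_name(
        "memory/1140-54-0x0000000075091000-0x0000000075093000-memory.dmp")
    print(f"pid={region.pid} dump#{region.index} "
          f"{region.start:#x}-{region.end:#x} ({region.size // 1024}KB)")
    # Constructed stand-in bytes: the real sample is not part of this page.
    print(compare_hashes(b"not the real sample"))
```

To check a quarantined copy, call `check_file(path)` on it; only an all-true result means the report's behaviour applies to that file.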