Analysis
-
max time kernel
156s -
max time network
168s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
-
submitted
25-11-2022 12:31
General
-
Target
1e331893884ce2c8c078e96460b67133815e83d08da59733287cfec9146530c7.exe
-
Size
2.2MB
-
MD5
6f100b81066ee037b7af66a8a9ed83ee
-
SHA1
c8e9c126a829448ec08e27d83e3d9ee12586a0b3
-
SHA256
1e331893884ce2c8c078e96460b67133815e83d08da59733287cfec9146530c7
-
SHA512
1da8cadb2af86b4ee489f8742f3dde2ab8d164e113e51f7016dafc11dfef31fc8ab09c3464bb1c9b01c145234864f193fafc5d9280db2f8b1efe56075039ec33
-
SSDEEP
49152:/ZQYJxOgXGcvv2nf3srEPZ62zTbPtm7vdfa/ZGbpqOL:KYjVXGcvk8rEPnzTztxQ
Score
8/10
Malware Config
Signatures
-
UPX packed file 24 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in System32 directory 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Modifies Internet Explorer settings 1 TTPs 8 IoCs
-
Suspicious behavior: LoadsDriver 2 IoCs
-
Suspicious use of SetWindowsHookEx 5 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\1e331893884ce2c8c078e96460b67133815e83d08da59733287cfec9146530c7.exe"C:\Users\Admin\AppData\Local\Temp\1e331893884ce2c8c078e96460b67133815e83d08da59733287cfec9146530c7.exe"1⤵
- Drops file in System32 directory
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/4556-132-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/4556-133-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/4556-134-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/4556-136-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/4556-138-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/4556-140-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/4556-142-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/4556-144-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/4556-146-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/4556-148-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/4556-154-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/4556-156-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/4556-152-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/4556-150-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/4556-158-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/4556-160-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/4556-162-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/4556-164-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/4556-166-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/4556-168-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/4556-170-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/4556-172-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/4556-174-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/4556-175-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB