Analysis
-
max time kernel
185s -
max time network
193s -
platform
windows10-2004_x64 -
resource
win10v2004-20221111-en -
resource tags
-
submitted
25-11-2022 12:35
General
-
Target
dfb83d9f4571bd0f42ff1b9912e7f6968ea6d4a593214cf65fd961531631e9e6.exe
-
Size
1.1MB
-
MD5
7e1a3750bb26430a86063c6c58c76721
-
SHA1
ed0ed0ac9d817dc79c6f94103afc2a3f24e50d29
-
SHA256
dfb83d9f4571bd0f42ff1b9912e7f6968ea6d4a593214cf65fd961531631e9e6
-
SHA512
28c8de912f17e85f206ae78fb488654ba5bd1b4f9ca76dc34392698148a5242a0153682fd6d7e02700b33e6f0f56797c3b3b7f3ed237b5da666c03acff88beca
-
SSDEEP
24576:eByhn/WwqPlQULWXeIyayIgF8T4TY06/V:eyuVpLPv0gX6/
Malware Config
Signatures
-
Loads dropped DLL 1 IoCs
-
Drops file in System32 directory 2 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious behavior: LoadsDriver 1 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\dfb83d9f4571bd0f42ff1b9912e7f6968ea6d4a593214cf65fd961531631e9e6.exe"C:\Users\Admin\AppData\Local\Temp\dfb83d9f4571bd0f42ff1b9912e7f6968ea6d4a593214cf65fd961531631e9e6.exe"1⤵
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Windows\SysWOW64\WinIo.dllFilesize
36KB
MD5b3b6289999a2762c7da8104e5f47f7ee
SHA1ea3bb66a6de13d86bd40a3005374d4cc9bbb1520
SHA25673663dff8f7ac6ee85f9a7eeca762b002ee615c03b110e0bb64fc69f7b462565
SHA512364d476f71df9b881c34687482e8524a23eaa95bfee5b799c98eaf633880e92ee11a1dbdeeddc3f2e00a8b9cddcb937d3f1b126091d65c2cf4f4e87bafd0d6e5