Analysis
-
max time kernel
193s -
max time network
207s -
platform
windows10-2004_x64 -
resource
win10v2004-20221111-en -
resource tags
arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system -
submitted
25-11-2022 12:38
Static task
static1
Behavioral task
behavioral1
Sample
34bbb0e580bc4595452435dcd5e44b91ef0a714a74040cd3f6841f80501c53a6.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
34bbb0e580bc4595452435dcd5e44b91ef0a714a74040cd3f6841f80501c53a6.exe
Resource
win10v2004-20221111-en
General
-
Target
34bbb0e580bc4595452435dcd5e44b91ef0a714a74040cd3f6841f80501c53a6.exe
-
Size
8.3MB
-
MD5
e6e67d99789436ed5b67272c4c5eb296
-
SHA1
51a37070d0b94e1b041b61c25929f02d09830225
-
SHA256
34bbb0e580bc4595452435dcd5e44b91ef0a714a74040cd3f6841f80501c53a6
-
SHA512
67a268458d944b3124a7bc02f616030e928d0935263dc4a29ba1e05a7c1fd2a2fa78b434b3b3244cc90a167fb7fae7d2b9ed5a7160ab0e5e70ed7982d0774484
-
SSDEEP
98304:0W7PMFFGBS17L3hLnUNqHNLWtcJhL7j74/cd:h7PaP7ZnUNaMtcDjf
Malware Config
Signatures
-
Adds Run key to start application 2 TTPs 1 IoCs
Processes:
34bbb0e580bc4595452435dcd5e44b91ef0a714a74040cd3f6841f80501c53a6.exedescription ioc process Set value (str) \REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AnubisPK = "C:\\Users\\Admin\\AppData\\Local\\ANUBISPACK.exe" 34bbb0e580bc4595452435dcd5e44b91ef0a714a74040cd3f6841f80501c53a6.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
Processes:
34bbb0e580bc4595452435dcd5e44b91ef0a714a74040cd3f6841f80501c53a6.exepid process 220 34bbb0e580bc4595452435dcd5e44b91ef0a714a74040cd3f6841f80501c53a6.exe 220 34bbb0e580bc4595452435dcd5e44b91ef0a714a74040cd3f6841f80501c53a6.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\34bbb0e580bc4595452435dcd5e44b91ef0a714a74040cd3f6841f80501c53a6.exe"C:\Users\Admin\AppData\Local\Temp\34bbb0e580bc4595452435dcd5e44b91ef0a714a74040cd3f6841f80501c53a6.exe"1⤵
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
PID:220