Analysis

  • max time kernel
    188s
  • max time network
    196s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    25-11-2022 15:57

General

  • Target

    bf6d31bf5b909b77682a9208ffed27c40695ac7d3920510185e4dcd1735ce8d5.exe

  • Size

    181KB

  • MD5

    bfec32c5f12471e07c10a2bbe7c5b73d

  • SHA1

    a4f63efcf02f0168cae767fbe8d8ed43318277bf

  • SHA256

    bf6d31bf5b909b77682a9208ffed27c40695ac7d3920510185e4dcd1735ce8d5

  • SHA512

    294091f8ad046c0d9001d098b5080a6ebd99d5a6d607790f296c4ec3f82027893acd0e031122fad9eddd0e91a78d9a2360e994fcecf322d25bf51fe640df36cd

  • SSDEEP

    3072:Xv/z6vxocZ0FQWe1MQ+3eilbz0AK4rvotXL0WcQcHLw+:XmvxEdlbgnSvot70WcQcHM+

Score
6/10

Malware Config

Signatures

  • Enumerates connected drives 3 TTPs 24 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of AdjustPrivilegeToken 6 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bf6d31bf5b909b77682a9208ffed27c40695ac7d3920510185e4dcd1735ce8d5.exe
    "C:\Users\Admin\AppData\Local\Temp\bf6d31bf5b909b77682a9208ffed27c40695ac7d3920510185e4dcd1735ce8d5.exe"
    • Enumerates connected drives
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:1296

Network

MITRE ATT&CK Enterprise v6
