Analysis

  • max time kernel
    146s
  • max time network
    157s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    26/11/2022, 00:01

General

  • Target

    8c3db5436bb9aff16731818cef28b5dcff1beb2fab4f696b500bfa079665fefc.exe

  • Size

    4.3MB

  • MD5

    6df3fc8a4a1f58c06c0ca46562ec2b3f

  • SHA1

    2e4e17bc765e801f329ae3eaf077cf3f9e40aaf3

  • SHA256

    8c3db5436bb9aff16731818cef28b5dcff1beb2fab4f696b500bfa079665fefc

  • SHA512

    079e0265994098dfd098fecf74afd4e7f132c019852bb10c466c45c3b273d99abb7d9efd7dd6842d3c88aa170fe391b14ea618d088e2d16bd14638a72840573a

  • SSDEEP

    98304:o9MpHhvYzprr/vBHijXUMgBZwcU9hbkBjL2mGTO2+72AeqL//HU:9pHh2nnQpgBZwv9xSky2+77/HU

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8c3db5436bb9aff16731818cef28b5dcff1beb2fab4f696b500bfa079665fefc.exe
    "C:\Users\Admin\AppData\Local\Temp\8c3db5436bb9aff16731818cef28b5dcff1beb2fab4f696b500bfa079665fefc.exe"
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:3440

Network

MITRE ATT&CK Enterprise v6
