Analysis Overview
SHA256
0b8917479bd556c8b08c7a1116a69fe3775d09338111990cdda9b54832719c5a
Threat Level: Known bad
The file 0b8917479bd556c8b08c7a1116a69fe3775d09338111990cdda9b54832719c5a was found to be: Known bad.
Malicious Activity Summary
Detected Xorist Ransomware
Xorist family
Xorist Ransomware
Program crash
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2022-11-26 04:44
Signatures
Detected Xorist Ransomware
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Xorist family
Analysis: behavioral1
Detonation Overview
Submitted
2022-11-26 04:44
Reported
2022-11-26 17:17
Platform
win7-20220812-en
Max time kernel
41s
Max time network
45s
Command Line
Signatures
Detected Xorist Ransomware
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Xorist Ransomware
Processes
C:\Users\Admin\AppData\Local\Temp\0b8917479bd556c8b08c7a1116a69fe3775d09338111990cdda9b54832719c5a.exe
"C:\Users\Admin\AppData\Local\Temp\0b8917479bd556c8b08c7a1116a69fe3775d09338111990cdda9b54832719c5a.exe"
Network
Files
memory/1760-54-0x0000000075C51000-0x0000000075C53000-memory.dmp
memory/1760-55-0x0000000000400000-0x000000000041E000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2022-11-26 04:44
Reported
2022-11-26 17:17
Platform
win10v2004-20220901-en
Max time kernel
88s
Max time network
129s
Command Line
Signatures
Detected Xorist Ransomware
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Xorist Ransomware
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\0b8917479bd556c8b08c7a1116a69fe3775d09338111990cdda9b54832719c5a.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\0b8917479bd556c8b08c7a1116a69fe3775d09338111990cdda9b54832719c5a.exe
"C:\Users\Admin\AppData\Local\Temp\0b8917479bd556c8b08c7a1116a69fe3775d09338111990cdda9b54832719c5a.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 2320 -ip 2320
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2320 -s 360
Network
| Country | Destination | Domain | Proto |
| N/A | 93.184.220.29:80 | tcp | |
| N/A | 20.42.73.24:443 | tcp | |
| N/A | 178.79.208.1:80 | tcp | |
| N/A | 104.80.225.205:443 | tcp |
Files
memory/2320-132-0x0000000000400000-0x000000000041E000-memory.dmp