Analysis

  • max time kernel
    203s
  • max time network
    224s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    27/11/2022, 10:29

General

  • Target

    820f63a47e86fe10a784b8a2acc4035fd306c718abc4a04d2330cee748a0d946.exe

  • Size

    920KB

  • MD5

    da7d7c30500ae2a6d5036da5b6b8a822

  • SHA1

    e898b91a63a9c48c1988eaa05ccb5221d96888ad

  • SHA256

    820f63a47e86fe10a784b8a2acc4035fd306c718abc4a04d2330cee748a0d946

  • SHA512

    db1fa7652f55b0ddb4bcd2b00b9f1361a74a68823080edce73d6ecdb1a3e69633039a3b309eb915011fc72bb8adef765e0e67806d319cb0fbdbd1bac30d1de7b

  • SSDEEP

    6144:SZQjh5WC+xiarOOBW5HqdC27Ml2E5UWTITeCE8tTN28ZjwdKa0341n6UNP5P4E6P:LrWC+xia6/5rQ2efZTNlahQI4+M

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of SetWindowsHookEx (3 IoCs)
  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\820f63a47e86fe10a784b8a2acc4035fd306c718abc4a04d2330cee748a0d946.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\820f63a47e86fe10a784b8a2acc4035fd306c718abc4a04d2330cee748a0d946.exe"
    PID: 4164
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    • C:\Windows\SysWOW64\cmd.exe (child of PID 4164)
      Command line: cmd.exe /c C:\Users\Admin\AppData\Local\Temp\KK.png
      PID: 3276

Network

MITRE ATT&CK Enterprise v6
