Analysis
-
max time kernel
148s -
max time network
153s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
-
submitted
27-11-2022 10:33
General
-
Target
bfc12957a4fadc56cf5130da9203885743eeccbb8c8b77bb3988219d84bf9f86.exe
-
Size
391KB
-
MD5
69d3efdcefbe2c48da373869723c4581
-
SHA1
36e7359bc003ef18410def193e5dc58833c398e4
-
SHA256
bfc12957a4fadc56cf5130da9203885743eeccbb8c8b77bb3988219d84bf9f86
-
SHA512
43a9eac776d5dca213e921f8e2bf0fd0c9ee77f14ee86ddb2d33612f70590a0189ecd55eb93b06df0351459e11a4cb771e07ecefb77fd857200791c8c210828b
-
SSDEEP
6144:oob6m1dFAokqnYV9wpmqSafvaxcEBRylI:o+1PA/qnYV9wpmqSafvaOEBRy
Score
4/10
Malware Config
Signatures
-
Drops file in Windows directory 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Checks processor information in registry 2 TTPs 3 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 2 IoCs
-
Suspicious use of AdjustPrivilegeToken 6 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\bfc12957a4fadc56cf5130da9203885743eeccbb8c8b77bb3988219d84bf9f86.exe"C:\Users\Admin\AppData\Local\Temp\bfc12957a4fadc56cf5130da9203885743eeccbb8c8b77bb3988219d84bf9f86.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exedw20.exe -x -s 9402⤵
- Drops file in Windows directory
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious use of AdjustPrivilegeToken
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
5.7MB
-
Filesize
5.7MB
-
Filesize
5.7MB