Analysis

  • max time kernel
    149s
  • max time network
    170s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    28-11-2022 01:23

General

  • Target

    ad8755114205a140f9d0a02321c3c97a71c48f2ae06548c808fefd0edcfd3235.exe

  • Size

    191KB

  • MD5

    0dd79df72df8cd086cebd8a8c2d00008

  • SHA1

    3c38a8ec2a0f0230e141f52fab89c7b30c9f9741

  • SHA256

    ad8755114205a140f9d0a02321c3c97a71c48f2ae06548c808fefd0edcfd3235

  • SHA512

    7ac495327b486864f9677e065ebfeabee22988eeb9acc1ecbab3bab18f5b6a45635ca45ec2aaa0bb64446312a2fed291ffb940123578e6b104fc6f919e178594

  • SSDEEP

    3072:HADWbKzKbQmSVdSme+xmJyD4BliqzsmmEpEmboQd+ccewkyeZyYPuvGCJ30EZ0di:HAVySV1eY4k437d+4wkTHdS26

Score
7/10

Malware Config

Signatures

  • Checks computer location settings (2 TTPs, 1 IoCs)

    Looks up country code configured in the registry, likely geofence.

  • Enumerates physical storage devices (1 TTPs)

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of SetWindowsHookEx (1 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\ad8755114205a140f9d0a02321c3c97a71c48f2ae06548c808fefd0edcfd3235.exe
    "C:\Users\Admin\AppData\Local\Temp\ad8755114205a140f9d0a02321c3c97a71c48f2ae06548c808fefd0edcfd3235.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of SetWindowsHookEx
    PID:1632

Network

MITRE ATT&CK Enterprise v6
