7619df1310daa470e2e217773f5b51c20384df0d6bf5a0d5f55212f0b1d04983

Analysis

max time kernel
151s
max time network
172s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
29/11/2022, 07:38

Target

7619df1310daa470e2e217773f5b51c20384df0d6bf5a0d5f55212f0b1d04983.exe
Size

106KB
MD5

493eddd34adcba1125850605d082e4a2
SHA1

0e05c3b091160e354f368f80d93884d526750b67
SHA256

7619df1310daa470e2e217773f5b51c20384df0d6bf5a0d5f55212f0b1d04983
SHA512

491b842ca146118f26bd006934e8561642b936a64f37b670f9f02d5a4d2bd72e4e7c5ffd0c137cf30e4b5aab793b9b257d88b574395e07c03853bcce6f0da6c4
SSDEEP

3072:Xx+XWc6Uhav9nFp1f9OVFVZXirmHqBe9DaNy+:Vc6wop1OI8r

Score

1^/10

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\Local Settings	svchost.exe

Opens file in notepad (likely ransom note) 1 IoCs

pid	Process
4928	NOTEPAD.EXE

Suspicious behavior: MapViewOfSection 2 IoCs

pid	Process
3512	7619df1310daa470e2e217773f5b51c20384df0d6bf5a0d5f55212f0b1d04983.exe
3512	7619df1310daa470e2e217773f5b51c20384df0d6bf5a0d5f55212f0b1d04983.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 3512 wrote to memory of 2220	3512	7619df1310daa470e2e217773f5b51c20384df0d6bf5a0d5f55212f0b1d04983.exe	80
PID 3512 wrote to memory of 2220	3512	7619df1310daa470e2e217773f5b51c20384df0d6bf5a0d5f55212f0b1d04983.exe	80
PID 3512 wrote to memory of 2220	3512	7619df1310daa470e2e217773f5b51c20384df0d6bf5a0d5f55212f0b1d04983.exe	80
PID 2220 wrote to memory of 4928	2220	svchost.exe	81
PID 2220 wrote to memory of 4928	2220	svchost.exe	81
PID 2220 wrote to memory of 4928	2220	svchost.exe	81

C:\Users\Admin\AppData\Local\Temp\7619df1310daa470e2e217773f5b51c20384df0d6bf5a0d5f55212f0b1d04983.txt

Filesize
5B

MD5
43fb2705d9766ea761f934981936503f

SHA1
c9589c81355baab345cd121a76dcd743d65e131c

SHA256
766a90366e6cac315d05afc9c97dcd6206a7f66da260dd41d209bb6ad13947e0

SHA512
ebf82587e4a8dad580b0c6c6959c73315c584cea82c41c073aab41854a44027fbc63d3f360651e726bfe71bc9e99a1b803574715e63d462f90182291ce3dfbf4

Download Submit
memory/2220-135-0x0000000000050000-0x000000000005E000-memory.dmp

Filesize
56KB

Download
memory/2220-136-0x0000000000CD0000-0x0000000000CD7000-memory.dmp

Filesize
28KB

Download
memory/2220-137-0x00000000012C0000-0x0000000001340000-memory.dmp

Filesize
512KB

Download
memory/2220-140-0x00000000012C0000-0x0000000001340000-memory.dmp

Filesize
512KB

Download
memory/3512-133-0x0000000002480000-0x0000000002491000-memory.dmp

Filesize
68KB

Download
memory/3512-134-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download