Analysis

  • max time kernel
    42s
  • max time network
    46s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
  • submitted
    29-11-2022 09:13

General

  • Target

    a6976c5addd6fea5e809f737874e90a87dbb7e419d8b8279d9d4f83694ebd227.exe

  • Size

    831KB

  • MD5

    4335b2b3252836dd52fd78892a818885

  • SHA1

    8d25928c45f14a29303039f09da6b1af17a4cea8

  • SHA256

    a6976c5addd6fea5e809f737874e90a87dbb7e419d8b8279d9d4f83694ebd227

  • SHA512

    319d1820296f831bd48d7270247d024854fe6cc43611afa28abc01ba62af2fd33939205c06b95a136753a2c22ccaf838552bfbcb32e2e669b84efa97b67596e0

  • SSDEEP

    12288:+quuJcz/jvPAcHtbL2uzpazN3uaL3hJx/D311ULEWIKWc2aaj:Duicr8cNbpzwB+arhJx/D33l0XDu

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of FindShellTrayWindow 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a6976c5addd6fea5e809f737874e90a87dbb7e419d8b8279d9d4f83694ebd227.exe
    "C:\Users\Admin\AppData\Local\Temp\a6976c5addd6fea5e809f737874e90a87dbb7e419d8b8279d9d4f83694ebd227.exe"
    • Suspicious use of FindShellTrayWindow
    PID:1196

Network

MITRE ATT&CK Enterprise v6

Downloads

  • memory/1196-54-0x0000000075D01000-0x0000000075D03000-memory.dmp

    Filesize

    8KB

  • memory/1196-55-0x0000000074BC1000-0x0000000074BC3000-memory.dmp

    Filesize

    8KB