Analysis

  • max time kernel
    42s
  • max time network
    46s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags
    arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
  • submitted
    29-11-2022 09:02

General

  • Target

    c954b519c75f321886d512f51ab8eca4858f06849769d576e52e6aa351b6bdde.exe

  • Size

    566KB

  • MD5

    8e9fe2dd57c9f5baae55a5b34123f90e

  • SHA1

    f05fbbc514384cdb85039ca5a6b81d686ef42e04

  • SHA256

    c954b519c75f321886d512f51ab8eca4858f06849769d576e52e6aa351b6bdde

  • SHA512

    e7ea0aaa5120a4ba8cbc59dd749bc3d1f4dd9e9e36f26a25881b6fda1dd21a46d55d2e4b2ea60370cad5e6d475b1a298b656b534146cfd58f6492ed8e39f3451

  • SSDEEP

    12288:gBTt7cY412+qggcuQYQ93PjeuXU1oZTm1RKWlMc5:gToZc+nicjdhdLWac5

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of FindShellTrayWindow 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c954b519c75f321886d512f51ab8eca4858f06849769d576e52e6aa351b6bdde.exe
    "C:\Users\Admin\AppData\Local\Temp\c954b519c75f321886d512f51ab8eca4858f06849769d576e52e6aa351b6bdde.exe"
    1
    • Suspicious use of FindShellTrayWindow
    PID:1784

Network

MITRE ATT&CK Enterprise v6

Downloads

  • memory/1784-54-0x00000000753C1000-0x00000000753C3000-memory.dmp

    Filesize

    8KB

  • memory/1784-55-0x0000000074451000-0x0000000074453000-memory.dmp

    Filesize

    8KB