Overview

overview

3

Static

static

1

c942f15ff4...5e.exe

windows7-x64

3

c942f15ff4...5e.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    34s
  • max time network
    46s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    29-11-2022 09:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c942f15ff4e57db80e61e73868cf402cab11ee036d4ddf42f5db2cf07383fe5e.exe

  • Size

    638KB

  • MD5

    8a0e10df3f1022a83108a5f1cb3598cd

  • SHA1

    c2d80176c99929732d4cbc6ea6c17e0c20403f0a

  • SHA256

    c942f15ff4e57db80e61e73868cf402cab11ee036d4ddf42f5db2cf07383fe5e

  • SHA512

    928964e0e51570fb28795a634cad85254299b55cf7e797192da0d26268ba8bfb105f8d97a766201983f0bb9410499c9b17745172b209a4a6a842324f9f3e7906

  • SSDEEP

    12288:0uudhYcGL//JWM01Vfby4QQvRO4mqPeQ9HXD4AQfyjloMDPeu/CDxwL6PZ1:0uehYT/hmflRBmqPeQ93D4AQKjOMDPFw

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of FindShellTrayWindow 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c942f15ff4e57db80e61e73868cf402cab11ee036d4ddf42f5db2cf07383fe5e.exe
    "C:\Users\Admin\AppData\Local\Temp\c942f15ff4e57db80e61e73868cf402cab11ee036d4ddf42f5db2cf07383fe5e.exe"
    1⤵
    • Suspicious use of FindShellTrayWindow
    PID:1692

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1692-54-0x0000000075661000-0x0000000075663000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1692-55-0x0000000074591000-0x0000000074593000-memory.dmp

    Filesize

    8KB

    Download