Overview

overview

3

Static

static

1

63928b5ff6...21.exe

windows7-x64

3

63928b5ff6...21.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    17s
  • max time network
    31s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    29/11/2022, 09:34

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    63928b5ff6a263874ddabf4dae7f60d7418f519e23fe384e70cba3a04ce26321.exe

  • Size

    823KB

  • MD5

    02d362a4cf8319b97ce4a5346f6d5230

  • SHA1

    bda2939ae2e21699f312918952e08fd7848fd248

  • SHA256

    63928b5ff6a263874ddabf4dae7f60d7418f519e23fe384e70cba3a04ce26321

  • SHA512

    0fa404aadb86a64c796e5f789969c95326ef6bcaf37df94d483af239fde4d5c7bad6e6bf1253758101f9c7ecef5b761efb13a80b7e9fef94bb753d2f07bf01a5

  • SSDEEP

    24576:QueBr8cNbpzwB+afQqkXsW0QU0PtAHXEoTX3wgv9xU:QurcNpkB+RJcr4yH0oTXggv9xU

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of FindShellTrayWindow 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\63928b5ff6a263874ddabf4dae7f60d7418f519e23fe384e70cba3a04ce26321.exe
    "C:\Users\Admin\AppData\Local\Temp\63928b5ff6a263874ddabf4dae7f60d7418f519e23fe384e70cba3a04ce26321.exe"
    1⤵
    • Suspicious use of FindShellTrayWindow
    PID:1264

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/1264-54-0x0000000075291000-0x0000000075293000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1264-55-0x00000000741A1000-0x00000000741A3000-memory.dmp

          Filesize

          8KB

          Download