Overview

overview

3

Static

static

1

529b09ecf3...d7.exe

windows7-x64

3

529b09ecf3...d7.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    45s
  • max time network
    50s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
  • submitted
    29-11-2022 09:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    529b09ecf344d6e16240361bd74f165590726d3cf568a42657cff926de9499d7.exe

  • Size

    633KB

  • MD5

    551309e4c4ba98069c81c96802a19070

  • SHA1

    dbd9f154eeb510918e0c7cd4bff014561a87c557

  • SHA256

    529b09ecf344d6e16240361bd74f165590726d3cf568a42657cff926de9499d7

  • SHA512

    3dd0586172a0573029f405a4c1a0f7cf2f287455c12d97a9ca867c56fe7f423d5f19b011a5d7a92b1a653e2023545db9f879495f3c8ae0d54a4bf359e174e1fd

  • SSDEEP

    12288:puudoYcGL//JWM01Vfby4QQvRO4mqPeQ9HXD4AQfxAwyNa7HyQKkXl:pueoYT/hmflRBmqPeQ93D4AQtHFB1

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of FindShellTrayWindow 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\529b09ecf344d6e16240361bd74f165590726d3cf568a42657cff926de9499d7.exe
    "C:\Users\Admin\AppData\Local\Temp\529b09ecf344d6e16240361bd74f165590726d3cf568a42657cff926de9499d7.exe"
    1⤵
    • Suspicious use of FindShellTrayWindow
    PID:1324

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1324-54-0x00000000752B1000-0x00000000752B3000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1324-55-0x0000000074041000-0x0000000074043000-memory.dmp

    Filesize

    8KB

    Download