Analysis
-
max time kernel
295s -
max time network
367s -
platform
windows10-2004_x64 -
resource
win10v2004-20221111-en -
resource tags
arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system -
submitted
30-11-2022 01:19
Static task
static1
Behavioral task
behavioral1
Sample
51ef98d09961f9cf455b4e042999f4f2ca47f908e2432fc58e976ab9d4268b3a.exe
Resource
win7-20220812-en
General
-
Target
51ef98d09961f9cf455b4e042999f4f2ca47f908e2432fc58e976ab9d4268b3a.exe
-
Size
148KB
-
MD5
674f6f47bcd256ab551b0b41f1bcaab4
-
SHA1
b4e1d5b2b4c283265dc5a54ecc66d09289fe9f75
-
SHA256
51ef98d09961f9cf455b4e042999f4f2ca47f908e2432fc58e976ab9d4268b3a
-
SHA512
e9fa747bd48234c3075f56f55f7eb659af0c57cb4f60a0594d827d74a1362cae26e126d5e150c7d5c22561a91cd2c552a2731e1692dba17bd9896bc9f685f8d1
-
SSDEEP
1536:MooT+fuLjBDF9pSbFP8BnWkPk0Wn5/NV032+QbhY06R4u1uc7fpqoEW7LlaRsrGW:MooTyeE8AeWn5loJ0KF7fJPWuxl/D
Malware Config
Extracted
tofsee
svartalfheim.top
jotunheim.name
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
Processes
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/896-132-0x0000000000DFE000-0x0000000000E0E000-memory.dmpFilesize
64KB
-
memory/896-133-0x0000000000C60000-0x0000000000C73000-memory.dmpFilesize
76KB
-
memory/896-134-0x0000000000DFE000-0x0000000000E0E000-memory.dmpFilesize
64KB
-
memory/896-135-0x0000000000400000-0x0000000000AD7000-memory.dmpFilesize
6.8MB
-
memory/896-136-0x0000000000C60000-0x0000000000C73000-memory.dmpFilesize
76KB
-
memory/896-137-0x0000000000400000-0x0000000000AD7000-memory.dmpFilesize
6.8MB