Analysis

max time kernel: 289s
max time network: 334s
platform: windows7_x64
resource: win7-20221111-en
resource tags: arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
submitted: 01-12-2022 21:47

Static task: static1

Behavioral task: behavioral1
Sample: 873e5ab44bdfafeb68254ed171e0fd7786f32b8ccea674d23a3106633767cd0e.exe
Resource: win7-20221111-en

Behavioral task: behavioral2
Sample: 873e5ab44bdfafeb68254ed171e0fd7786f32b8ccea674d23a3106633767cd0e.exe
Resource: win10v2004-20221111-en
General

Target: 873e5ab44bdfafeb68254ed171e0fd7786f32b8ccea674d23a3106633767cd0e.exe
Size: 1.2MB
MD5: 432fbe7edf1488491374d9153438ef0e
SHA1: 653d39d795ec470f74b73c36394ef5b91d8e7998
SHA256: 873e5ab44bdfafeb68254ed171e0fd7786f32b8ccea674d23a3106633767cd0e
SHA512: 1b0f5b2a961aed40f8942f04f4c98e3b9427b90c7d88b65ee89344dac7a0cb58de697ea1869234f8caaf5d14ec8d42cc2e60d92a415abcfd0a97ca1799a75556
SSDEEP: 24576:zj8xJJLICP5YKJNuWJsGEdX+YTbdsEMeSNbBhOxMMz9LZibsTUMqN:v0uuufHdhQgtZiCLqN
Malware Config
Signatures

Enumerates connected drives (3 TTPs, 24 IoCs)
Attempts to read the root path of hard drives other than the default C: drive.

description | ioc | Process
File opened (read-only) | \??\P: | 873e5ab44bdfafeb68254ed171e0fd7786f32b8ccea674d23a3106633767cd0e.exe
File opened (read-only) | \??\R: | 873e5ab44bdfafeb68254ed171e0fd7786f32b8ccea674d23a3106633767cd0e.exe
File opened (read-only) | \??\S: | 873e5ab44bdfafeb68254ed171e0fd7786f32b8ccea674d23a3106633767cd0e.exe
File opened (read-only) | \??\Z: | 873e5ab44bdfafeb68254ed171e0fd7786f32b8ccea674d23a3106633767cd0e.exe
File opened (read-only) | \??\A: | 873e5ab44bdfafeb68254ed171e0fd7786f32b8ccea674d23a3106633767cd0e.exe
File opened (read-only) | \??\I: | 873e5ab44bdfafeb68254ed171e0fd7786f32b8ccea674d23a3106633767cd0e.exe
File opened (read-only) | \??\J: | 873e5ab44bdfafeb68254ed171e0fd7786f32b8ccea674d23a3106633767cd0e.exe
File opened (read-only) | \??\O: | 873e5ab44bdfafeb68254ed171e0fd7786f32b8ccea674d23a3106633767cd0e.exe
File opened (read-only) | \??\T: | 873e5ab44bdfafeb68254ed171e0fd7786f32b8ccea674d23a3106633767cd0e.exe
File opened (read-only) | \??\U: | 873e5ab44bdfafeb68254ed171e0fd7786f32b8ccea674d23a3106633767cd0e.exe
File opened (read-only) | \??\X: | 873e5ab44bdfafeb68254ed171e0fd7786f32b8ccea674d23a3106633767cd0e.exe
File opened (read-only) | \??\B: | 873e5ab44bdfafeb68254ed171e0fd7786f32b8ccea674d23a3106633767cd0e.exe
File opened (read-only) | \??\H: | 873e5ab44bdfafeb68254ed171e0fd7786f32b8ccea674d23a3106633767cd0e.exe
File opened (read-only) | \??\M: | 873e5ab44bdfafeb68254ed171e0fd7786f32b8ccea674d23a3106633767cd0e.exe
File opened (read-only) | \??\N: | 873e5ab44bdfafeb68254ed171e0fd7786f32b8ccea674d23a3106633767cd0e.exe
File opened (read-only) | \??\W: | 873e5ab44bdfafeb68254ed171e0fd7786f32b8ccea674d23a3106633767cd0e.exe
File opened (read-only) | \??\F: | 873e5ab44bdfafeb68254ed171e0fd7786f32b8ccea674d23a3106633767cd0e.exe
File opened (read-only) | \??\G: | 873e5ab44bdfafeb68254ed171e0fd7786f32b8ccea674d23a3106633767cd0e.exe
File opened (read-only) | \??\L: | 873e5ab44bdfafeb68254ed171e0fd7786f32b8ccea674d23a3106633767cd0e.exe
File opened (read-only) | \??\Q: | 873e5ab44bdfafeb68254ed171e0fd7786f32b8ccea674d23a3106633767cd0e.exe
File opened (read-only) | \??\E: | 873e5ab44bdfafeb68254ed171e0fd7786f32b8ccea674d23a3106633767cd0e.exe
File opened (read-only) | \??\K: | 873e5ab44bdfafeb68254ed171e0fd7786f32b8ccea674d23a3106633767cd0e.exe
File opened (read-only) | \??\V: | 873e5ab44bdfafeb68254ed171e0fd7786f32b8ccea674d23a3106633767cd0e.exe
File opened (read-only) | \??\Y: | 873e5ab44bdfafeb68254ed171e0fd7786f32b8ccea674d23a3106633767cd0e.exe
Enumerates physical storage devices (1 TTP)
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
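The two drive-enumeration signatures above reduce to one check: group the "File opened" IoCs by process and count how many distinct drive-letter roots each process touched. The script below is an added example and is not part of this report or of the sandbox's signature engine. It rebuilds the 24 IoC lines from the drive letters listed above, adds two constructed explorer.exe lines as a benign control, and uses a threshold of three probed drives, which is this example's own choice (the report does not state the threshold it applies).

```python
import re
from collections import defaultdict

# Name of the analysed sample, taken from the report.
SAMPLE_NAME = "873e5ab44bdfafeb68254ed171e0fd7786f32b8ccea674d23a3106633767cd0e.exe"

# The 24 drive letters the report lists under "Enumerates connected drives",
# in the order they appear there. C: and D: are absent from that list.
REPORT_DRIVES = "PRSZAIJOTUXBHMNWFGLQEKVY"

# IoC lines in the report's own "File opened (read-only) \??\X: <process>" form.
# The sample's lines are rebuilt from REPORT_DRIVES; the explorer.exe lines are
# a constructed benign control (a shell touching only the system and D: drive).
SAMPLE_IOCS = "\n".join(
    [f"File opened (read-only) \\??\\{d}: {SAMPLE_NAME}" for d in REPORT_DRIVES]
    + [f"File opened (read-only) \\??\\{d}: explorer.exe" for d in "CD"]
)

# Matches one IoC entry and captures the drive letter and the process name.
DRIVE_OPEN = re.compile(r"^File opened \(read-only\) \\\?\?\\([A-Z]):\s+(\S+)$")


def drives_per_process(ioc_text):
    """Map each process name to the set of drive-letter roots it opened."""
    seen = defaultdict(set)
    for line in ioc_text.splitlines():
        m = DRIVE_OPEN.match(line.strip())
        if m:
            drive, proc = m.groups()
            seen[proc].add(drive)
    return dict(seen)


def flag_drive_enumeration(ioc_text, threshold=3, ignore=("C",)):
    """Return {process: sorted drive letters} for every process that opened the
    root of at least `threshold` drives other than those in `ignore`.
    The default threshold is this example's choice, not the sandbox's."""
    hits = {}
    for proc, drives in drives_per_process(ioc_text).items():
        probed = drives - set(ignore)
        if len(probed) >= threshold:
            hits[proc] = sorted(probed)
    return hits


if __name__ == "__main__":
    for proc, drives in flag_drive_enumeration(SAMPLE_IOCS).items():
        print(f"{proc}: probed {len(drives)} drive roots ({''.join(drives)})")
```

The control process is not flagged because, after the system drive is ignored, it touched a single root; the sample is flagged on all 24 letters. The same grouping can be run over a sandbox's raw file-open events rather than its rendered IoC table, which is how you would reproduce the signature against a process monitor or EDR export.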
Suspicious use of SetWindowsHookEx (2 IoCs)

pid | Process
1488 | 873e5ab44bdfafeb68254ed171e0fd7786f32b8ccea674d23a3106633767cd0e.exe
1488 | 873e5ab44bdfafeb68254ed171e0fd7786f32b8ccea674d23a3106633767cd0e.exe