Analysis
-
max time kernel
36s -
max time network
42s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
-
submitted
01/12/2022, 23:16
General
-
Target
79b905b4ce369dabf51dc46e2ae2ae26e109a7284695e8e419f7943d0a5865ba.exe
-
Size
64KB
-
MD5
e1725f325d0e8e77e2dea849e7268027
-
SHA1
9061d127e23ba903f0654ace69730d46d212ac84
-
SHA256
79b905b4ce369dabf51dc46e2ae2ae26e109a7284695e8e419f7943d0a5865ba
-
SHA512
1b2dbec671437a56d3d320a886b056355243fa2117c05e7e869132e06b3e676175e6983800a5ad1452c49b221ecf2da8dcfbeb97ddbbf3311c9e0b89be0c6d7c
-
SSDEEP
768:hUEoG9h55Ufo0bIGfitZ0DGsmTIhbez5zeNSWN112wzUXiylDpPO:hhhIvy/efzUXbVW
Score
6/10
Malware Config
Signatures
-
Maps connected drives based on registry 3 TTPs 2 IoCs
Disk information is often read in order to detect sandboxing environments.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Enumerates processes with tasklist 1 TTPs 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 8 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\79b905b4ce369dabf51dc46e2ae2ae26e109a7284695e8e419f7943d0a5865ba.exe"C:\Users\Admin\AppData\Local\Temp\79b905b4ce369dabf51dc46e2ae2ae26e109a7284695e8e419f7943d0a5865ba.exe"1⤵
- Maps connected drives based on registry
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c tasklist&&del 79b905b4ce369dabf51dc46e2ae2ae26e12⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\tasklist.exetasklist3⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
-
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
8KB