Analysis
max time kernel: 142s
max time network: 158s
platform: windows10-2004_x64
resource: win10v2004-20220812-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
submitted: 01/12/2022, 21:19
Static task: static1
Behavioral task: behavioral1
Sample: 5a5143b0306e7bd7a1f632b5a9f3dec7b5f6fca49043cd6815a10d406b002af1.exe
Resource: win7-20221111-en
Behavioral task: behavioral2
Sample: 5a5143b0306e7bd7a1f632b5a9f3dec7b5f6fca49043cd6815a10d406b002af1.exe
Resource: win10v2004-20220812-en
General
Target: 5a5143b0306e7bd7a1f632b5a9f3dec7b5f6fca49043cd6815a10d406b002af1.exe
Size: 2.6MB
MD5: a1e3c5dd9048df7b7914f2ab39072560
SHA1: 728f90dcec532aa5b03190ff16decc87a56b8aa0
SHA256: 5a5143b0306e7bd7a1f632b5a9f3dec7b5f6fca49043cd6815a10d406b002af1
SHA512: 2cae592d863ca9f4273ca3f90d65b7b77d8d2221ee312be0e8f2259bc658d11bf715a5037edf237bae851993a0fb45aa69fd8abeeaf3c9406ee3e90d5b3fc63c
SSDEEP: 49152:HsaOGQrJ5QD4fdeYhTDtWHOXsmJrxQrx:xHQU4fdImJdQd
Malware Config
Signatures
Enumerates physical storage devices (1 TTPs)
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
Suspicious use of SetWindowsHookEx (1 IoCs)
pid    Process
3592   5a5143b0306e7bd7a1f632b5a9f3dec7b5f6fca49043cd6815a10d406b002af1.exe