8b37f889d22e0713d2930dcf25427dbcf21a7c72347b0c531a0d90ac6a460253

Analysis

max time kernel
73s
max time network
34s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
03-12-2022 01:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8b37f889d22e0713d2930dcf25427dbcf21a7c72347b0c531a0d90ac6a460253.exe
Size

2.6MB
MD5

de8ff33ca780fd42b143a796d11cf8bb
SHA1

39f7e61c40337875df86b3c6ee250711f14d23f1
SHA256

8b37f889d22e0713d2930dcf25427dbcf21a7c72347b0c531a0d90ac6a460253
SHA512

ca9fdffa0b349f6ed29abce6798aa7cc9420e8b937827e5da91f7f60a766e1eb8849239366bae9fd39aaf102b7da197de871f7a79b7128aa0b9aafcbfae21629
SSDEEP

49152:2/U3gyuwwNcDINH4/iXKnFQTdG2dYdyDIDL3bz4274nw3Vx3PPGEg7zS2LO:kU31uBuDINY/cTdG2iyDIDcG4e3nKW2i

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1552	8b37f889d22e0713d2930dcf25427dbcf21a7c72347b0c531a0d90ac6a460253.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1552	8b37f889d22e0713d2930dcf25427dbcf21a7c72347b0c531a0d90ac6a460253.exe

C:\Users\Admin\AppData\Local\Temp\8b37f889d22e0713d2930dcf25427dbcf21a7c72347b0c531a0d90ac6a460253.exe
"C:\Users\Admin\AppData\Local\Temp\8b37f889d22e0713d2930dcf25427dbcf21a7c72347b0c531a0d90ac6a460253.exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1552

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1552-54-0x0000000075C81000-0x0000000075C83000-memory.dmp

Filesize
8KB

Download
memory/1552-55-0x0000000000400000-0x0000000000590000-memory.dmp

Filesize
1.6MB

Download
memory/1552-59-0x0000000000400000-0x0000000000590000-memory.dmp

Filesize
1.6MB

Download
memory/1552-60-0x0000000000020000-0x0000000000026000-memory.dmp

Filesize
24KB

Download
memory/1552-61-0x0000000000400000-0x0000000000590000-memory.dmp

Filesize
1.6MB

Download