Overview

overview

3

Static

static

1

e8b2f12caf...5d.exe

windows7-x64

3

e8b2f12caf...5d.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    9s
  • max time network
    46s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    03/12/2022, 12:54

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    e8b2f12caf9cfacf97dd3e2bb10405e3aaee1e31bbc9560b799d9bbdc6c7085d.exe

  • Size

    562KB

  • MD5

    de0a6d964f5c9672a00a12e358354233

  • SHA1

    a18a165d87022757b1bae29efe5b62a76713ecc0

  • SHA256

    e8b2f12caf9cfacf97dd3e2bb10405e3aaee1e31bbc9560b799d9bbdc6c7085d

  • SHA512

    7900f47b7039f2007f63efa584983e0c3db50a4067e001b6cc3fb4b2dda6f70b22189329554de77af634cce36035f707d2383ccf69096548f7b11463abbd3a99

  • SSDEEP

    12288:0CK+qK4QIUJ6ItO49LpwEBXu+OKex+VwKDPFIihoGqz765OMFMA:0ChqKgU79usbkx+VNJhofz765hl

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of FindShellTrayWindow 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e8b2f12caf9cfacf97dd3e2bb10405e3aaee1e31bbc9560b799d9bbdc6c7085d.exe
    "C:\Users\Admin\AppData\Local\Temp\e8b2f12caf9cfacf97dd3e2bb10405e3aaee1e31bbc9560b799d9bbdc6c7085d.exe"
    1⤵
    • Suspicious use of FindShellTrayWindow
    PID:1632

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/1632-54-0x0000000075B41000-0x0000000075B43000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1632-55-0x00000000749E1000-0x00000000749E3000-memory.dmp

          Filesize

          8KB

          Download