Analysis
max time kernel: 311s
max time network: 385s
platform: windows10-2004_x64
resource: win10v2004-20221111-en
resource tags: arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
submitted: 03/12/2022, 17:23
Static task: static1
Behavioral task: behavioral1
Sample: f646d1901a7f6c7d9abb558373309fa0067ca4080533b9530a72928ac362f1df.exe
Resource: win7-20221111-en
Behavioral task: behavioral2
Sample: f646d1901a7f6c7d9abb558373309fa0067ca4080533b9530a72928ac362f1df.exe
Resource: win10v2004-20221111-en
General
Target: f646d1901a7f6c7d9abb558373309fa0067ca4080533b9530a72928ac362f1df.exe
Size: 256KB
MD5: 0d4cdf5cf99a75ac6d6393afc770e050
SHA1: de9983f3caec9e298ca3d0c699aee80b93e19aa2
SHA256: f646d1901a7f6c7d9abb558373309fa0067ca4080533b9530a72928ac362f1df
SHA512: bfd8dbfff49b2f8b91a6aa61ce11d1b3476a0de7d0adc4bdfea07a6abefb5c8ab5d7e64c8437511f386279c39ce2d2c5573b94f2bcf1ae44a76bfd73d0fdee62
SSDEEP: 6144:ev7avoNymi+7eeyz2P9NnnnFCpImnTZygoHlKnvmb7/D26UBnmbLBXSG:eGvoNymi+7eOP9anTZygoHlKnvmb7/Dr
Malware Config
Signatures
Enumerates physical storage devices (1 TTPs)
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
Suspicious use of SetWindowsHookEx (1 IoCs)
pid     Process
1724    f646d1901a7f6c7d9abb558373309fa0067ca4080533b9530a72928ac362f1df.exe