Analysis

  • max time kernel
    40s
  • max time network
    45s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
  • submitted
    03/12/2022, 19:25

General

  • Target

    ddbf01330e40e811cdb6f533d511355134fa7ae76d8329592fb11e4e3f3b7c6a.exe

  • Size

    1.3MB

  • MD5

    3095f4bbacaa5d02a40f19ee56de0cc0

  • SHA1

    3c833f0d21874010efd7f48e5187faf72cdaf41e

  • SHA256

    ddbf01330e40e811cdb6f533d511355134fa7ae76d8329592fb11e4e3f3b7c6a

  • SHA512

    b1d8ae3069794641aea98a1193b11891399934af8f68909891bb30fbb01a3efd976b946988481735ca75c4fe1fce5d2539df7b4509dedf4963deecdfde577bc6

  • SSDEEP

    24576:70QRhenrUTP1txX4cFq9B7T900k1aMI+RS+K08hxm+:QQRorUNocq7u3btK08h0+

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ddbf01330e40e811cdb6f533d511355134fa7ae76d8329592fb11e4e3f3b7c6a.exe
    "C:\Users\Admin\AppData\Local\Temp\ddbf01330e40e811cdb6f533d511355134fa7ae76d8329592fb11e4e3f3b7c6a.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1148
    • C:\Users\Admin\AppData\Local\Temp\ddbf01330e40e811cdb6f533d511355134fa7ae76d8329592fb11e4e3f3b7c6a.exe
      "C:\Users\Admin\AppData\Local\Temp\ddbf01330e40e811cdb6f533d511355134fa7ae76d8329592fb11e4e3f3b7c6a.exe" - 789CE3E6C60E1257DFB5897EF3D40187343700BCE106A2
      2⤵
      • Suspicious behavior: AddClipboardFormatListener
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      PID:1072

Network

  MITRE ATT&CK Enterprise v6

Downloads

  • memory/1072-75-0x0000000002200000-0x00000000022B8000-memory.dmp (Filesize: 736KB)
  • memory/1072-83-0x0000000000400000-0x00000000006E8000-memory.dmp (Filesize: 2.9MB)
  • memory/1072-82-0x00000000022C0000-0x000000000232D000-memory.dmp (Filesize: 436KB)
  • memory/1072-90-0x0000000000400000-0x00000000006E8000-memory.dmp (Filesize: 2.9MB)
  • memory/1072-91-0x0000000000400000-0x00000000006E8000-memory.dmp (Filesize: 2.9MB)
  • memory/1148-54-0x0000000074C11000-0x0000000074C13000-memory.dmp (Filesize: 8KB)
  • memory/1148-55-0x0000000000400000-0x00000000006E8000-memory.dmp (Filesize: 2.9MB)
  • memory/1148-57-0x00000000021D0000-0x0000000002288000-memory.dmp (Filesize: 736KB)
  • memory/1148-64-0x00000000022D0000-0x000000000233D000-memory.dmp (Filesize: 436KB)
  • memory/1148-73-0x0000000000400000-0x00000000006E8000-memory.dmp (Filesize: 2.9MB)