Analysis
-
max time kernel
185s -
max time network
182s -
platform
windows10-2004_x64 -
resource
win10v2004-20221111-en -
resource tags
-
submitted
04/12/2022, 05:21
General
-
Target
9d0147a428045b5f8075dea3e2c40d71cde48cb897a6893fa7f370f8a2a90cba.exe
-
Size
675KB
-
MD5
8a796598be894c9b985df853fc1c3050
-
SHA1
63ce238537570420507cf627566cd9aedd2556f8
-
SHA256
9d0147a428045b5f8075dea3e2c40d71cde48cb897a6893fa7f370f8a2a90cba
-
SHA512
31d42fd36622808899d7ed2f97e86475057e970ba3ed4f17842ef8992f54b49fdb0179116383df52860cbdbd397434f4826e964965072f6a6c75bcfd0bdc3bbf
-
SSDEEP
12288:kJ0p6T06/rm6agttTknjkxCdDLAvzVBJhXTfHRgVCSLV7DsAZN:km6H/SSjMyvzVBJ1r4pZDsg
Score
6/10
Malware Config
Signatures
-
Adds Run key to start application 2 TTPs 2 IoCs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Modifies Internet Explorer settings 1 TTPs 4 IoCs
-
Suspicious use of FindShellTrayWindow 6 IoCs
-
Suspicious use of SendNotifyMessage 6 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\9d0147a428045b5f8075dea3e2c40d71cde48cb897a6893fa7f370f8a2a90cba.exe"C:\Users\Admin\AppData\Local\Temp\9d0147a428045b5f8075dea3e2c40d71cde48cb897a6893fa7f370f8a2a90cba.exe"1⤵
- Adds Run key to start application
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx