Analysis
-
max time kernel
350s -
max time network
387s -
platform
windows10-2004_x64 -
resource
win10v2004-20221111-en -
resource tags
-
submitted
04/12/2022, 11:53
General
-
Target
af4ad1b0653e6836a1a6ee77beaf8143fe1c886dc313cd82a8b684960b098800.exe
-
Size
191KB
-
MD5
6bb57b65ba7a0c85dd4ab44cae862a8a
-
SHA1
c4cbda0583dea073506e526ac2e107417a109ac2
-
SHA256
af4ad1b0653e6836a1a6ee77beaf8143fe1c886dc313cd82a8b684960b098800
-
SHA512
06bc7932a39391b28ed8d858831cf7079fdc418c49627470ad085d086f83db42f8dbd354e33b8c8bf550acc2bd40acc6654f82e36331674c24bcb6b49bc5ad68
-
SSDEEP
3072:HADWbKzKbQmSVdSme+xmJyD4BliqzsmmEpEmboQd+ccewkyeZyYPuvGCJ30EZ0dB:HAVySV1eY4k437d+4wkTHdS25
Score
7/10
Malware Config
Signatures
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
Processes
-
C:\Users\Admin\AppData\Local\Temp\af4ad1b0653e6836a1a6ee77beaf8143fe1c886dc313cd82a8b684960b098800.exe"C:\Users\Admin\AppData\Local\Temp\af4ad1b0653e6836a1a6ee77beaf8143fe1c886dc313cd82a8b684960b098800.exe"1⤵
- Checks computer location settings