Overview

overview

7

Static

static

af33b6b44c...8a.exe

windows7-x64

3

af33b6b44c...8a.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    178s
  • max time network
    179s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04/12/2022, 12:40

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    af33b6b44c7fdc6800ee0ce457ffad3aa696241a0a49ccee734e50b38275ce8a.exe

  • Size

    144KB

  • MD5

    523fcffc2a25d9cb7d3317c5e33d4c4c

  • SHA1

    103d161b3194abbb37b312baa15132f956a371a3

  • SHA256

    af33b6b44c7fdc6800ee0ce457ffad3aa696241a0a49ccee734e50b38275ce8a

  • SHA512

    a9e2c252578376710f38989c8e4f347020dd108a5dcec337da747a4581e45ee6692ebc2afa8012d98fbb9cca15819fc933cbdf480a51ad683c6a200313ea1eec

  • SSDEEP

    1536:9BI5pwLfZshrCduppMOwIqEV1pBvVvM7qczGG/sWjcdk5a+k3h5khMqEEajbMLR0:XlV4UWKERi7AkY+k3h5YnEEajGe

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\af33b6b44c7fdc6800ee0ce457ffad3aa696241a0a49ccee734e50b38275ce8a.exe
    "C:\Users\Admin\AppData\Local\Temp\af33b6b44c7fdc6800ee0ce457ffad3aa696241a0a49ccee734e50b38275ce8a.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of SetWindowsHookEx
    PID:1796

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads