Analysis

  • max time kernel
    285s
  • max time network
    397s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags
    arch:x64 arch:x86 image:win7-20221111-en locale:en-us os:windows7-x64 system
  • submitted
    05/12/2022, 14:38

General

  • Target

    77b58fd7ba2b0ceae0122271fb8102a1195c30abd1b3875d9c5bfc3912274411.exe

  • Size

    632KB

  • MD5

    27c9e7bd8c7754c2c31f8806d93ebdd2

  • SHA1

    2de9282ccb854d94805c34a4f9ae88f9626b0d2d

  • SHA256

    77b58fd7ba2b0ceae0122271fb8102a1195c30abd1b3875d9c5bfc3912274411

  • SHA512

    351aaf6df3c98eb4f57933672887b1555e361298883900a1b835c910a84bb3e236860b11e44eb865c5bbfb1ec406cd91745d3b91ce076d5b2fe4bfc3aaf5b306

  • SSDEEP

    12288:1uudoYcGL//JWM01Vfby4QQvRO4mqPeQ9HXD4AQfKF+cl19IB0JG9dYV:1ueoYT/hmflRBmqPeQ93D4AQ6X2B2

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of FindShellTrayWindow 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\77b58fd7ba2b0ceae0122271fb8102a1195c30abd1b3875d9c5bfc3912274411.exe
    "C:\Users\Admin\AppData\Local\Temp\77b58fd7ba2b0ceae0122271fb8102a1195c30abd1b3875d9c5bfc3912274411.exe"
    • Suspicious use of FindShellTrayWindow
    PID:684

Network

MITRE ATT&CK Enterprise v6

Downloads

  • memory/684-54-0x0000000075D11000-0x0000000075D13000-memory.dmp

    Filesize

    8KB

  • memory/684-55-0x0000000074491000-0x0000000074493000-memory.dmp

    Filesize

    8KB