Analysis

  • max time kernel
    236s
  • max time network
    336s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
  • submitted
    05/12/2022, 15:35

General

  • Target

    19c36ba580c2fa85f3a820ffa96a01f8246f1024440d5433544fc7446c3630fd.exe

  • Size

    562KB

  • MD5

    05e050569914de0a285584233a729a9b

  • SHA1

    07ab5a3b2258756d0a0c206355fd649b030b82bc

  • SHA256

    19c36ba580c2fa85f3a820ffa96a01f8246f1024440d5433544fc7446c3630fd

  • SHA512

    7c6b1a84ee431933a8fbbc63939a7a6a8bb97301118cfd937332a8a34af9ad7d8f7d27a14e6a12bbe2b7cc0c8920d03972f6e09902290d80552dc803369d46cf

  • SSDEEP

    12288:MCK+qK4QIUJ6ItO49LpwEBXu+OKex+VwKDPFIihoGqz765OMF7Mk:MChqKgU79usbkx+VNJhofz765h5

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of FindShellTrayWindow 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\19c36ba580c2fa85f3a820ffa96a01f8246f1024440d5433544fc7446c3630fd.exe
    "C:\Users\Admin\AppData\Local\Temp\19c36ba580c2fa85f3a820ffa96a01f8246f1024440d5433544fc7446c3630fd.exe"
    • Suspicious use of FindShellTrayWindow
    PID:1516

Network

MITRE ATT&CK Enterprise v6

Downloads

  • memory/1516-54-0x0000000074FA1000-0x0000000074FA3000-memory.dmp

    Filesize

    8KB

  • memory/1516-55-0x0000000074041000-0x0000000074043000-memory.dmp

    Filesize

    8KB