Analysis

  • max time kernel
    78s
  • max time network
    34s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags
    arch:x64 arch:x86 image:win7-20221111-en locale:en-us os:windows7-x64 system
  • submitted
    05/12/2022, 15:45

General

  • Target

    0d00b2f180fdca494533a968e4e8786e39d4267ad028ff7067365673b9707f12.exe

  • Size

    562KB

  • MD5

    b118bbd133f9276804f70a0e8d71b443

  • SHA1

    6515fd5d1a0831e1149f063e349752bcb60c26bc

  • SHA256

    0d00b2f180fdca494533a968e4e8786e39d4267ad028ff7067365673b9707f12

  • SHA512

    07a59fc3c61105005d9e2e73ad441b74493a03d8f7018d1045f429ddbdc9575d91193f9585be29e2e2b07a83a7f493e4ad50a543ab29aa9f3b7f94e981e82ec9

  • SSDEEP

    12288:zCK+qK4QIUJ6ItO49LpwEBXu+OKex+VwKDPFIihoGqz765OMFp:zChqKgU79usbkx+VNJhofz765hn

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of FindShellTrayWindow (1 IoC)

Processes

  • C:\Users\Admin\AppData\Local\Temp\0d00b2f180fdca494533a968e4e8786e39d4267ad028ff7067365673b9707f12.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\0d00b2f180fdca494533a968e4e8786e39d4267ad028ff7067365673b9707f12.exe"
    Process tree depth: 1
    • Suspicious use of FindShellTrayWindow
    PID: 1480

Network

MITRE ATT&CK Enterprise v6

Downloads

  • memory/1480-54-0x0000000076581000-0x0000000076583000-memory.dmp

    Filesize

    8KB

  • memory/1480-55-0x0000000074CB1000-0x0000000074CB3000-memory.dmp

    Filesize

    8KB