Analysis

  • max time kernel
    46s
  • max time network
    52s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64, arch:x86, image:win7-20220901-en, locale:en-us, os:windows7-x64, system
  • submitted
    05/12/2022, 15:24

General

  • Target

    2af816a17e2e5fd765767ad964ab3dae578f3e5ca40514c8a632d4676a2bba32.exe

  • Size

    562KB

  • MD5

    c0cea063a4bf25d205814d344a3ffc12

  • SHA1

    fe532be5f66f0a2d8204d467f755f137284a5675

  • SHA256

    2af816a17e2e5fd765767ad964ab3dae578f3e5ca40514c8a632d4676a2bba32

  • SHA512

    4e13140fd5b54c6ee2f212fff8c179d224f384b17233d7c800871e852f619841ae12e64370461f655170f0cda02ffc859fbbed22e3e8db669236f5bc93228b0d

  • SSDEEP

    12288:zCK+qK4QIUJ6ItO49LpwEBXu+OKex+VwKDPFIihoGqz765OMF4l:zChqKgU79usbkx+VNJhofz765hs

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of FindShellTrayWindow 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2af816a17e2e5fd765767ad964ab3dae578f3e5ca40514c8a632d4676a2bba32.exe
    "C:\Users\Admin\AppData\Local\Temp\2af816a17e2e5fd765767ad964ab3dae578f3e5ca40514c8a632d4676a2bba32.exe"
    • Suspicious use of FindShellTrayWindow
    PID:1060

Network

MITRE ATT&CK Enterprise v6

Downloads

  • memory/1060-54-0x0000000074DC1000-0x0000000074DC3000-memory.dmp

    Filesize

    8KB

  • memory/1060-55-0x0000000074431000-0x0000000074433000-memory.dmp

    Filesize

    8KB