Analysis
-
max time kernel
28s -
max time network
47s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system -
submitted
06-12-2022 00:18
Static task
static1
Behavioral task
behavioral1
Sample
85d0f92df55ce325f0850678db4b0e311284582e0321a98336409b8d8470a02e.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
85d0f92df55ce325f0850678db4b0e311284582e0321a98336409b8d8470a02e.exe
Resource
win10v2004-20220812-en
General
-
Target
85d0f92df55ce325f0850678db4b0e311284582e0321a98336409b8d8470a02e.exe
-
Size
1.7MB
-
MD5
ff7956ff245efb33b0c1daa174ab35d0
-
SHA1
8a4b769a29b4dfc135e41bd0e61694ff8f288cf4
-
SHA256
85d0f92df55ce325f0850678db4b0e311284582e0321a98336409b8d8470a02e
-
SHA512
fb82efd10757560b51e821d883812149cf4e735a093996c92d8d93c428bba7365b782a672fa7a5484d811df89ff712334fe477246d39d60cf137b5ae68e522e5
-
SSDEEP
49152:upehrJK5Mq18joShqj7GCbUynXN/LiHZkMn6YeqVjXhC1eonV:uA85tWNqBUc+HZm007
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeDebugPrivilege 1340 85d0f92df55ce325f0850678db4b0e311284582e0321a98336409b8d8470a02e.exe