Overview

overview

8

Static

static

665d7e656b...93.exe

windows7-x64

8

Resubmissions

24/01/2023, 17:54

230124-wg8x3see6s 8

12/08/2020, 09:19

200812-tbpxaame9e 8

Analysis

  • max time kernel
    91s
  • max time network
    33s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    24/01/2023, 17:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    665d7e656baecc8acccebf4b956719eb6c4099886f75008c8806efb945207e93.exe

  • Size

    28KB

  • MD5

    c3aa5efc9a1f5cba6f031b8a7be3584e

  • SHA1

    6af4f9b81a3e80c910b85bdc22d53dfbc3d706e6

  • SHA256

    665d7e656baecc8acccebf4b956719eb6c4099886f75008c8806efb945207e93

  • SHA512

    aeac12332a9d7de3eccd5b0b9753e243a595e89c147bbd5d931dba63a42aa700908aa5662ab167da5cef3da8ad46abc11a9623b25e68f8632de568c32fdb68b5

  • SSDEEP

    768:0jxXngTpt72I9bFY4GqsWz3HsUnS3rjn:0mc+bFY4/fTMUQrjn

Score
8/10
ransomware

Malware Config

Signatures

  • Modifies extensions of user files 2 IoCs

    Ransomware generally changes the extension on encrypted files.

    ransomware
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 6 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\665d7e656baecc8acccebf4b956719eb6c4099886f75008c8806efb945207e93.exe
    "C:\Users\Admin\AppData\Local\Temp\665d7e656baecc8acccebf4b956719eb6c4099886f75008c8806efb945207e93.exe"
    1⤵
    • Modifies extensions of user files
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: RenamesItself
    • Suspicious use of AdjustPrivilegeToken
    PID:1252
  • C:\Windows\system32\taskmgr.exe
    "C:\Windows\system32\taskmgr.exe" /4
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:584
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0xc8
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:1636

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/584-57-0x000007FEFC091000-0x000007FEFC093000-memory.dmp

    Filesize

    8KB

    Download

  • memory/584-58-0x0000000140000000-0x00000001405E8000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/1252-54-0x0000000000130000-0x000000000013E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/1252-55-0x0000000075931000-0x0000000075933000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1252-56-0x00000000048F5000-0x0000000004906000-memory.dmp

    Filesize

    68KB

    Download

  • memory/1252-59-0x00000000048F5000-0x0000000004906000-memory.dmp

    Filesize

    68KB

    Download

  • memory/1252-60-0x00000000048F5000-0x0000000004906000-memory.dmp

    Filesize

    68KB

    Download