Analysis
-
max time kernel
89s -
max time network
127s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20220812-en locale:en-us os:windows10-2004-x64 system -
submitted
20-02-2023 07:22
Behavioral task
behavioral1
Sample
701570f284b4e4ba51c407a8bf2c48fecf7b3d903c1d7fdc7b36c499e216cf53.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
701570f284b4e4ba51c407a8bf2c48fecf7b3d903c1d7fdc7b36c499e216cf53.exe
Resource
win10v2004-20220812-en
General
-
Target
701570f284b4e4ba51c407a8bf2c48fecf7b3d903c1d7fdc7b36c499e216cf53.exe
-
Size
1.5MB
-
MD5
40e70af2f17b458e75b7891355557b88
-
SHA1
c04d8eb0eb01465c9e48c0dbf9ee359b29792b36
-
SHA256
701570f284b4e4ba51c407a8bf2c48fecf7b3d903c1d7fdc7b36c499e216cf53
-
SHA512
fb78fd6fe68bc726f9d976572ac03f3f91542aaa5e24af1ba1516d26515c8c4083b6f8b3116fc4ffb0488c6d8c4779748fe843d68f88d7c9dffe468dc19d620c
-
SSDEEP
24576:CgMRXundFh8AY4YiKYXfY3BaVKuhe427WMNGbeemac94y/bprGp95pcQo:iROb7v4YXmm1kJvemx9nrGp95pw
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious use of SetWindowsHookEx 4 IoCs
Processes:
701570f284b4e4ba51c407a8bf2c48fecf7b3d903c1d7fdc7b36c499e216cf53.exe
pid process
4196 701570f284b4e4ba51c407a8bf2c48fecf7b3d903c1d7fdc7b36c499e216cf53.exe
4196 701570f284b4e4ba51c407a8bf2c48fecf7b3d903c1d7fdc7b36c499e216cf53.exe
4196 701570f284b4e4ba51c407a8bf2c48fecf7b3d903c1d7fdc7b36c499e216cf53.exe
4196 701570f284b4e4ba51c407a8bf2c48fecf7b3d903c1d7fdc7b36c499e216cf53.exe