Overview

overview

7

Static

static

1

tmp.exe

windows7-x64

3

tmp.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    44s
  • max time network
    30s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    16/03/2023, 10:46

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    tmp.exe

  • Size

    1003KB

  • MD5

    c4e6210df23d8c36b5fc72a04d91bd89

  • SHA1

    9a0e48c1fb63bc93d3c56e134f8f037c9b8292ff

  • SHA256

    120de63b8f726ad218289a7562f96160b9a01b5cc62bf98761628b1667502bfa

  • SHA512

    fcc4a472ef7895386f2e84c9946f0ae0eda6e1f71f6110690bcbdd5a191d9026045962586528601b1504d117165258a9f7d7fa9ae0c92f7a016acb66b8916fa0

  • SSDEEP

    12288:BzX3BBVmNUfqBe4EmGlDy+YSmv9GgjawQ5f26qW6ZX8FxGe+9mo6McgLg0NS:dfYNUfqBpE9BzYSZDh5fBqFyePj6Kx

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\tmp.exe
    "C:\Users\Admin\AppData\Local\Temp\tmp.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1212

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/1212-54-0x0000000000A30000-0x0000000000B32000-memory.dmp

          Filesize

          1.0MB

          Download

        • memory/1212-55-0x0000000004D20000-0x0000000004D60000-memory.dmp

          Filesize

          256KB

          Download

        • memory/1212-56-0x0000000000A20000-0x0000000000A36000-memory.dmp

          Filesize

          88KB

          Download

        • memory/1212-57-0x0000000004D20000-0x0000000004D60000-memory.dmp

          Filesize

          256KB

          Download

        • memory/1212-58-0x00000000021F0000-0x00000000021FC000-memory.dmp

          Filesize

          48KB

          Download

        • memory/1212-59-0x0000000007DC0000-0x0000000007E6A000-memory.dmp

          Filesize

          680KB

          Download