Overview

overview

7

Static

static

1

Proteggiti12.exe

windows7-x64

7

Proteggiti12.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    143s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19-03-2023 01:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Proteggiti12.exe

  • Size

    81KB

  • MD5

    bcf010a0ac126b82c429d6b1e05e0904

  • SHA1

    d59494cc6a114951c9affc0d280d39f7ee429412

  • SHA256

    cd7fa0e585fcc126483caa9f5c738d0c213e3326f132e47c69d942eeb9ef1345

  • SHA512

    50620b0f7149eb0244a640df1d8334657fd34b26f3a6ebaeb8dd892f68560a9b273cd95310d034003b163a1aa198499a74695ed6650069a08d2ab5f71c3e18d5

  • SSDEEP

    1536:/s3y2R2T619NzucB2VJtLE933X80VMYEwduOrIDxBHCs0h:6qTE3zucB2Vg38jfwMOa3Cxh

Score
7/10

Malware Config

Signatures

  • Drops startup file 1 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Proteggiti12.exe
    "C:\Users\Admin\AppData\Local\Temp\Proteggiti12.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:1656
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
      2⤵
      • Drops startup file
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:2152

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1656-133-0x0000000000810000-0x000000000082A000-memory.dmp
    Filesize

    104KB

    Download
  • memory/1656-134-0x00000000055D0000-0x0000000005B74000-memory.dmp
    Filesize

    5.6MB

    Download
  • memory/1656-135-0x00000000050C0000-0x0000000005152000-memory.dmp
    Filesize

    584KB

    Download
  • memory/1656-136-0x00000000050A0000-0x00000000050AA000-memory.dmp
    Filesize

    40KB

    Download
  • memory/1656-137-0x00000000052D0000-0x0000000005346000-memory.dmp
    Filesize

    472KB

    Download
  • memory/1656-138-0x0000000005350000-0x0000000005360000-memory.dmp
    Filesize

    64KB

    Download
  • memory/1656-139-0x0000000005350000-0x0000000005360000-memory.dmp
    Filesize

    64KB

    Download
  • memory/1656-140-0x00000000053A0000-0x00000000053BE000-memory.dmp
    Filesize

    120KB

    Download
  • memory/2152-141-0x0000000000400000-0x0000000000416000-memory.dmp
    Filesize

    88KB

    Download
  • memory/2152-145-0x00000000051B0000-0x00000000051C0000-memory.dmp
    Filesize

    64KB

    Download
  • memory/2152-149-0x00000000051B0000-0x00000000051C0000-memory.dmp
    Filesize

    64KB

    Download