Analysis
-
max time kernel
37s -
max time network
33s -
platform
windows7_x64 -
resource
win7-20230220-en -
resource tags
-
submitted
19-04-2023 17:35
General
-
Target
4293c1d8574dc87c58360d6bac3daa182f64f7785c9d41da5e0741d2b1817fc7.elf
-
Size
132KB
-
MD5
59ce0baba11893f90527fc951ac69912
-
SHA1
5857a7dd621c4c3ebb0b5a3bec915d409f70d39f
-
SHA256
4293c1d8574dc87c58360d6bac3daa182f64f7785c9d41da5e0741d2b1817fc7
-
SHA512
c5b12797b477e5e5964a78766bb40b1c0d9fdfb8eef1f9aee3df451e3441a40c61d325bf400ba51048811b68e1c70a95f15e4166b7a65a4eca0c624864328647
-
SSDEEP
3072:phNlHuBafLeBtfCzpta8xlBIOdVo3/4sxLJ10xioP:p3lOYoaja8xzx/0wsxzSi2
Score
3/10
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Modifies registry class 1 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\4293c1d8574dc87c58360d6bac3daa182f64f7785c9d41da5e0741d2b1817fc7.elf1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\4293c1d8574dc87c58360d6bac3daa182f64f7785c9d41da5e0741d2b1817fc7.elf2⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\4293c1d8574dc87c58360d6bac3daa182f64f7785c9d41da5e0741d2b1817fc7.elf"3⤵
- Suspicious use of SetWindowsHookEx
-
-