Analysis
max time kernel: 298s
max time network: 405s
platform: windows10-2004_x64
resource: win10v2004-20230221-en
resource tags: arch:x64 arch:x86 image:win10v2004-20230221-en locale:en-us os:windows10-2004-x64 system
submitted: 07-05-2023 03:21
Static task: static1
Behavioral task: behavioral1
Sample: VirusShare_21d01fa87dfcaf971ff7b63a1a6fda94.exe
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: VirusShare_21d01fa87dfcaf971ff7b63a1a6fda94.exe
Resource: win10v2004-20230221-en
General
Target: VirusShare_21d01fa87dfcaf971ff7b63a1a6fda94.exe
Size: 137KB
MD5: 21d01fa87dfcaf971ff7b63a1a6fda94
SHA1: f3caa9831fc715af4f47cd98803549902dffe30a
SHA256: ab0aa003d7238940cbdf7393677f968c4a252516de7f0699cd4654abd2e7ae83
SHA512: f89997f8c31d77029f1087257a5b24337f9989bebfbe4169067acae72a5dd50ce118d273fae00690ef2e2bf345901d723034992f53dd3e5b9df5cbe9be2e67fa
SSDEEP: 1536:ASOoRSNl/XT9yYSvVKJJgpBy7bICS4AUsiz8djOK:WPaKJJctOqjOK
Malware Config
Signatures
Enumerates connected drives (3 TTPs, 24 IoCs)
Attempts to read the root path of hard drives other than the default C: drive.
Processes: VirusShare_21d01fa87dfcaf971ff7b63a1a6fda94.exe
description    ioc    process
File opened (read-only)    \??\B:    VirusShare_21d01fa87dfcaf971ff7b63a1a6fda94.exe
File opened (read-only)    \??\E:    VirusShare_21d01fa87dfcaf971ff7b63a1a6fda94.exe
File opened (read-only)    \??\F:    VirusShare_21d01fa87dfcaf971ff7b63a1a6fda94.exe
File opened (read-only)    \??\K:    VirusShare_21d01fa87dfcaf971ff7b63a1a6fda94.exe
File opened (read-only)    \??\P:    VirusShare_21d01fa87dfcaf971ff7b63a1a6fda94.exe
File opened (read-only)    \??\U:    VirusShare_21d01fa87dfcaf971ff7b63a1a6fda94.exe
File opened (read-only)    \??\A:    VirusShare_21d01fa87dfcaf971ff7b63a1a6fda94.exe
File opened (read-only)    \??\H:    VirusShare_21d01fa87dfcaf971ff7b63a1a6fda94.exe
File opened (read-only)    \??\I:    VirusShare_21d01fa87dfcaf971ff7b63a1a6fda94.exe
File opened (read-only)    \??\L:    VirusShare_21d01fa87dfcaf971ff7b63a1a6fda94.exe
File opened (read-only)    \??\M:    VirusShare_21d01fa87dfcaf971ff7b63a1a6fda94.exe
File opened (read-only)    \??\W:    VirusShare_21d01fa87dfcaf971ff7b63a1a6fda94.exe
File opened (read-only)    \??\Z:    VirusShare_21d01fa87dfcaf971ff7b63a1a6fda94.exe
File opened (read-only)    \??\J:    VirusShare_21d01fa87dfcaf971ff7b63a1a6fda94.exe
File opened (read-only)    \??\O:    VirusShare_21d01fa87dfcaf971ff7b63a1a6fda94.exe
File opened (read-only)    \??\R:    VirusShare_21d01fa87dfcaf971ff7b63a1a6fda94.exe
File opened (read-only)    \??\T:    VirusShare_21d01fa87dfcaf971ff7b63a1a6fda94.exe
File opened (read-only)    \??\V:    VirusShare_21d01fa87dfcaf971ff7b63a1a6fda94.exe
File opened (read-only)    \??\X:    VirusShare_21d01fa87dfcaf971ff7b63a1a6fda94.exe
File opened (read-only)    \??\G:    VirusShare_21d01fa87dfcaf971ff7b63a1a6fda94.exe
File opened (read-only)    \??\N:    VirusShare_21d01fa87dfcaf971ff7b63a1a6fda94.exe
File opened (read-only)    \??\Q:    VirusShare_21d01fa87dfcaf971ff7b63a1a6fda94.exe
File opened (read-only)    \??\S:    VirusShare_21d01fa87dfcaf971ff7b63a1a6fda94.exe
File opened (read-only)    \??\Y:    VirusShare_21d01fa87dfcaf971ff7b63a1a6fda94.exe
Enumerates physical storage devices (1 TTPs)
Attempts to interact with connected storage/optical drive(s).