Overview

overview

10

Static

static

10

teams.exe

windows7-x64

1

teams.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    137s
  • max time network
    140s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    18-03-2024 13:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    teams.exe

  • Size

    32KB

  • MD5

    79be6407efcd8384488e10b3e4d57d28

  • SHA1

    7b85b15156bde0ad3b06ebc572c0eaef6b8c4dcb

  • SHA256

    fe6ba47c1f2b49d9c9f79100a6e901ee0b2928d85568975ca143962a2245a652

  • SHA512

    7074e000cc4100efc42962d4b604fac9acea320d5c6e7621077e9a6d1a55113ad08b09158e7f18d4b4abf2adb3aec4f7153c2cf2144d1954daf18bea53c9808e

  • SSDEEP

    768:fUeVcDsyL/Hs93u7fzR0xZ70ZBrc14aH/t5:GssPd77R076I5t

Score
1/10

Malware Config

Signatures

  • Opens file in notepad (likely ransom note) 2 IoCs
    ransomware

Processes

  • C:\Users\Admin\AppData\Local\Temp\teams.exe
    "C:\Users\Admin\AppData\Local\Temp\teams.exe"
    1⤵
      PID:848
    • C:\Windows\system32\NOTEPAD.EXE
      "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\hacked.txt
      1⤵
      • Opens file in notepad (likely ransom note)
      PID:2412
    • C:\Windows\system32\NOTEPAD.EXE
      "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\hacked.txt
      1⤵
      • Opens file in notepad (likely ransom note)
      PID:2896

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\Desktop\hacked.txt
      Filesize

      207B

      MD5

      79ec604a76daee8049dcb2e1549b3b22

      SHA1

      cd5e02cdb26f2ddaab7c221e0c1869bc8a01576f

      SHA256

      719a18532c37e9a080503fc397a105b471ca3a1a68b46a9b68d4545e29fb5484

      SHA512

      2657f90faa02388dacb4c8b8dc2697e98f616e7ee46cea4de40972acaa398b4b3853eeb6656f9d73f8a9289302932d046bf7ebcbfd1a01bdbb1b19b2973a6636

      Download Submit

    • memory/848-2-0x0000000000200000-0x0000000000300000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/848-4-0x0000000000200000-0x0000000000300000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/848-5-0x00000000028F0000-0x000000000327B000-memory.dmp

      Filesize

      9.5MB

      Download

    • memory/848-6-0x0000000003C10000-0x0000000004603000-memory.dmp

      Filesize

      9.9MB

      Download

    • memory/848-8-0x0000000003C10000-0x0000000004603000-memory.dmp

      Filesize

      9.9MB

      Download

    • memory/848-9-0x0000000003C10000-0x0000000004603000-memory.dmp

      Filesize

      9.9MB

      Download

    • memory/848-10-0x0000000003C10000-0x0000000004603000-memory.dmp

      Filesize

      9.9MB

      Download