Overview

overview

10

Static

static

10

antivirus.exe

windows10-2004-x64

10

Resubmissions

31-03-2024 14:49

240331-r687xsec77 10

29-03-2024 09:29

240329-lf9swaeg87 10

29-03-2024 08:58

240329-kw8ebaed26 10

29-03-2024 08:57

240329-kwtadsed22 10

29-03-2024 08:49

240329-krew7sec34 10

Analysis

  • max time kernel
    3s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29-03-2024 08:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    antivirus.exe

  • Size

    144KB

  • MD5

    4016477fd044882c78f3c1a47d7322e1

  • SHA1

    6c75ffa25ef2d1d6a658ff415b2e47964032fc6a

  • SHA256

    fbbaef754d6dafaaf32ae5e7937135fe81075806e5e2b0db1d6f9441a1cd8633

  • SHA512

    17706a8238817e135ffe378e60e1e52964a00aeee6c6b9bc7f288a0390ae97d958f053cf693a4d829a35acbe32e3ab9599c13150a3155c671490736e88d19df1

  • SSDEEP

    3072:xokEUyr9ql5n3yU6S4M5Er8zwIMsoE0WNOBKHAHp+FBZ+:er9ql53y04QEwzh0FaAHQLZ

Score
10/10
chaosransomware

Malware Config

Signatures

  • Chaos

    Ransomware family first seen in June 2021.

    ransomwarechaos
  • Chaos Ransomware 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 15 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\antivirus.exe
    "C:\Users\Admin\AppData\Local\Temp\antivirus.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:3924

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3924-0-0x0000000000EF0000-0x0000000000F1A000-memory.dmp

    Filesize

    168KB

    Download

  • memory/3924-1-0x00007FFC4E600000-0x00007FFC4F0C1000-memory.dmp

    Filesize

    10.8MB

    Download