Overview

overview

10

Static

static

10

d1a6ff8fbc...f3.exe

windows7-x64

10

d1a6ff8fbc...f3.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    141s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    09-04-2024 08:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d1a6ff8fbcb49b97107c3145ffbbeee44bd8886193856374002e4aaee27a50f3.exe

  • Size

    872KB

  • MD5

    d015a2fae71978f785fa02c38423df2a

  • SHA1

    1e0bb5360f52fbfce533788401070485364edbcb

  • SHA256

    d1a6ff8fbcb49b97107c3145ffbbeee44bd8886193856374002e4aaee27a50f3

  • SHA512

    622a886e52ba476dbf79cbca5c930dfc6c9dbbb6291b0274fcafd4becdbf5f03b51e3f5e5fdb689424f97a1838627f1b65907ccfeab5c6cc55992d7b52c2ca49

  • SSDEEP

    12288:3L5Ya5t1QR5UXpNAG3vWYgeWYg955/155/rI2C7ECSz5+XJBLWe+nForgytP:75Ya5t1QRmXpNAG3AaDwKJWe+nFagy

Score
10/10
atomsiloransomware

Malware Config

Signatures

  • AtomSilo

    Ransomware family first seen in September 2021.

    ransomwareatomsilo
  • AtomSilo Ransomware 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d1a6ff8fbcb49b97107c3145ffbbeee44bd8886193856374002e4aaee27a50f3.exe
    "C:\Users\Admin\AppData\Local\Temp\d1a6ff8fbcb49b97107c3145ffbbeee44bd8886193856374002e4aaee27a50f3.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2280
    • C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 2280 -s 88
      2⤵
        PID:1864

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2280-0-0x000000013F7E0000-0x000000013F8BA000-memory.dmp

      Filesize

      872KB

      Download

    • memory/2280-1-0x000000013F7E0000-0x000000013F8BA000-memory.dmp

      Filesize

      872KB

      Download