Overview

overview

10

Static

static

10

Ontrack Ea....0.exe

windows7-x64

3

Ontrack Ea....0.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    144s
  • max time network
    31s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    13-09-2024 19:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Ontrack Easy Recovery pro 15.2.0.exe

  • Size

    312.9MB

  • MD5

    b4f3e7f77034e822af48c525fad641d8

  • SHA1

    2a9d0541ec63db944b06f2a71415e986fc5d4bcb

  • SHA256

    f137766576b1539b73f9c132f07db4ea08b87108535037cf1794fbe37fa3d14c

  • SHA512

    3e7cd905d2b2731dce45b18cc4dc569cec9975de0617d725abb3917ae9ee294f45b9683a25a2e37db4e71a0bf83dda7ebbf2321d878903c8e8d4fad430de14aa

  • SSDEEP

    3145728:yTK7ryGFKYGpJrrO9S1Qor9VNxdA9nZjtqkYj2giXCXRIqa/jt9iqfMgpAhYh2g5:mK7OGFKvHrrqS1Qor9V9A9NfzaPlaEO

Score
3/10
discovery

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Ontrack Easy Recovery pro 15.2.0.exe
    "C:\Users\Admin\AppData\Local\Temp\Ontrack Easy Recovery pro 15.2.0.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    PID:1596

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\IF{07F4396A-6054-4994-A8DA-38B4A7EC74A4}\English.ifl
    Filesize

    2KB

    MD5

    2922d0c758d9c3c10cbdc59f91979d0c

    SHA1

    feb69bdf58d06cca776db63036811af0764ca013

    SHA256

    20f6d12eac29bd6ddc6a99dd276c5e200fac25c976ab4293195b58ec164c253f

    SHA512

    d15e888bae4e23ce5d61becc3c47d9b5f61fbbe4612cf90677314570fe1df1f4fde6c519b789ad46cc50d19c2b3701bc9bd968e85bb618fb7127950d4ae92695

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\IF{07F4396A-6054-4994-A8DA-38B4A7EC74A4}\licence.rtf
    Filesize

    118B

    MD5

    b3cf6d29a7d57ee04190a9e781068816

    SHA1

    15b19e07f5504ee5a55fab1d96eb8226f8a6966e

    SHA256

    35115ffda23f924fb7c51194a80e34fa3efd9d34f4c0a0116b6ecaf9050c23c5

    SHA512

    2778a0cad1671d85f079ba1ecd92616e02606d225c9969a16687cfeade026415a10e8fcc411ed9c300637880c90425ffbb05e403cdc832f0e54d05965b3b5ef8

    Download Submit