Overview

overview

8

Static

static

Random.RANSOM.bin.exe

windows7_x64

8

Random.RANSOM.bin.exe

windows10_x64

8

Analysis

  • max time kernel
    101s
  • max time network
    102s
  • platform
    windows7_x64
  • resource
    win7v200722
  • submitted
    26/07/2020, 19:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Random.RANSOM.bin.exe

  • Size

    64KB

  • MD5

    bc234901a4e7dd764b97105a4f6840b9

  • SHA1

    9930e609f8a0b4c999e52799f6267e86b66f7188

  • SHA256

    d2178841fa9e74c19c7d19da870c5beb0dd30cb36b70dd6a2e3488416cab9980

  • SHA512

    9285bbd6e19fd4488a371e54b9bd460207cc29670ada23dc445a352c912edf78536196398bbc49fada73ef2884eb5125dad928ac1a96ba64a46c80904ecf0a4c

Score
8/10
ransomware

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 3 IoCs
  • Executes dropped EXE 1 IoCs
  • Deletes itself 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Modifies extensions of user files 2 IoCs

    Ransomware generally changes the extension on encrypted files.

    ransomware

Processes

  • C:\Users\Admin\AppData\Local\Temp\Random.RANSOM.bin.exe
    "C:\Users\Admin\AppData\Local\Temp\Random.RANSOM.bin.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:604
    • C:\Users\Admin\Appdata\svchost.exe
      "C:\Users\Admin\Appdata\svchost.exe"
      2⤵
      • Executes dropped EXE
      • Deletes itself
      • Suspicious use of AdjustPrivilegeToken
      • Modifies extensions of user files
      PID:1508

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads