Analysis
-
max time kernel
101s -
max time network
102s -
platform
windows7_x64 -
resource
win7v200722 -
submitted
26-07-2020 19:23
General
-
Target
Random.RANSOM.bin.exe
-
Size
64KB
-
MD5
bc234901a4e7dd764b97105a4f6840b9
-
SHA1
9930e609f8a0b4c999e52799f6267e86b66f7188
-
SHA256
d2178841fa9e74c19c7d19da870c5beb0dd30cb36b70dd6a2e3488416cab9980
-
SHA512
9285bbd6e19fd4488a371e54b9bd460207cc29670ada23dc445a352c912edf78536196398bbc49fada73ef2884eb5125dad928ac1a96ba64a46c80904ecf0a4c
Score
8/10
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 3 IoCs
-
Executes dropped EXE 1 IoCs
-
Deletes itself 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 3 IoCs
-
Modifies extensions of user files 2 IoCs
Ransomware generally changes the extension on encrypted files.
Processes
-
C:\Users\Admin\AppData\Local\Temp\Random.RANSOM.bin.exe"C:\Users\Admin\AppData\Local\Temp\Random.RANSOM.bin.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\Appdata\svchost.exe"C:\Users\Admin\Appdata\svchost.exe"2⤵
- Executes dropped EXE
- Deletes itself
- Suspicious use of AdjustPrivilegeToken
- Modifies extensions of user files
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\svchost.exe
-
C:\Users\Admin\Appdata\debug.txt
-
C:\Users\Admin\Appdata\svchost.exe
-
memory/1508-0-0x0000000000000000-mapping.dmp