Managed XDR

ransomware_stop_2022_603.exe (Tinba) — malware analysis report

File info

Filename: ransomware_stop_2022_603.exe
File type: PE32 executable (GUI) Intel 80386, for MS Windows
File size: 224.5 KB
First seen: 2025-01-13 14:24
Last seen: 2025-01-13 14:24

Environment

win7/x86 en

Hashes

SHA1: 79ae02b6e97ef23cf20dc893b3185a989f19ea84
SHA256: d8bc7f164f4b806d5e11754270303d104ca7fd9827a1c1124075070814ebdab5
MD5: 408e1d36246f8599cb551e2af47a150f

Malwares

Tinba

Signatures

Privilege Escalation

T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1027.002 packer_entropy: Probably contains compressed or encrypted data

T1134 opens_process_token: Opens the access token associated with a process

Other

yara_rules: Static rules

process_crashed: One of the processes has failed

no_graphical_activity: No graphic activity

has_pdb: This executable file has a PDB path

Related reports