Managed XDR

ransomware_stop_2022_644.exe (Tinba) — malware analysis report

File info

Filename: ransomware_stop_2022_644.exe
File type: PE32 executable (GUI) Intel 80386, for MS Windows
File size: 335 KB
First seen: 2025-01-13 14:31
Last seen: 2025-01-13 14:31

Environment

win7/x86 en

Hashes

SHA1: 76670e1abfbafc16d5e724d412824c80ae0a56ed
SHA256: f362084c50a46f63be30c73eddefb2ce3c5bfd84dd285a61b70cf38675208873
MD5: eda153b66b42b332bdee8588b5dc8dac

Malwares

Tinba

Signatures

Privilege Escalation

T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1027.002 packer_entropy: Probably contains compressed or encrypted data

T1134 opens_process_token: Opens the access token associated with a process

Other

yara_rules: Static rules

process_crashed: One of the processes has failed

no_graphical_activity: No graphic activity

has_pdb: This executable file has a PDB path

Related reports