Analysis
- max time kernel: 67s
- max time network: 114s
- platform: windows7_x64
- resource: win7v20210410
- submitted: 22-07-2021 11:00
Static task: static1
Behavioral task: behavioral1
- Sample: CARGO ARRIVAL.lzh.rar
- Resource: win7v20210410
- 0 signatures, 0 seconds
Behavioral task: behavioral2
- Sample: CARGO ARRIVAL.lzh.rar
- Resource: win10v20210408
- 0 signatures, 0 seconds
Errors
- Reason: Remote task has failed: Machine shutdown
A remote task was aborted by a machine shutdown. The behavioural data in this report comes from the windows7_x64 run (resource win7v20210410) listed under Analysis.
General
- Target: CARGO ARRIVAL.lzh.rar
- Size: 467KB
- MD5: ded00ce5f2d97d2c052322e83c814d20
- SHA1: 653cbc3dcfd352a478850dc8f05080e219a2655a
- SHA256: a0c5b8f728ee17e96b5e49b9ba5de873331dda3f5751efc0665d22b3491c6139
- SHA512: 81b485312c966fc00f70cb7ba3acd732fe9cdf9029afc45963a190f1ce306e52f7a74e31eb957b90d6a9b3ada579590929436db9e4eb7ea88c74d5fe2bd9dcb7
- Score: 3/10
Malware Config
Signatures
- Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s). The sandbox labels this "likely ransomware behaviour", but that is the signature's generic description: in this run the only processes are the shell's Open With dialog, explorer.exe and LogonUI.exe, and no file-encryption or mass-write signature fired, so the hit is consistent with ordinary shell drive enumeration.
- Modifies registry class (2 IoCs)
  Process       Key created
  rundll32.exe  \REGISTRY\USER\S-1-5-21-2513283230-931923277-594887482-1000_Classes\Local Settings
  rundll32.exe  \REGISTRY\USER\S-1-5-21-2513283230-931923277-594887482-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
  MuiCache is populated by the shell when it displays a program's friendly name, which the Open With dialog does; these keys are not a persistence mechanism.
- Suspicious use of WriteProcessMemory (3 IoCs)
  Source PID  Target PID  Source process  Target process
  1656        1240        cmd.exe         rundll32.exe
  1656        1240        cmd.exe         rundll32.exe
  1656        1240        cmd.exe         rundll32.exe
  All three writes go from cmd.exe into the rundll32.exe child it created (PID 1240). Parent-to-child writes during process creation commonly trigger this heuristic; there is no write into an unrelated process here.
Processes
The numbers prefixed to each entry are the nesting depth from the original tree (the original rendering fused them onto the end of each command line); rundll32.exe is the child of cmd.exe.

1. C:\Windows\system32\cmd.exe
   cmd /c "C:\Users\Admin\AppData\Local\Temp\CARGO ARRIVAL.lzh.rar"
   - Suspicious use of WriteProcessMemory
   2. C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\CARGO ARRIVAL.lzh.rar
      - Modifies registry class
1. C:\Windows\explorer.exe
   "C:\Windows\explorer.exe"
1. C:\Windows\system32\LogonUI.exe
   "LogonUI.exe" /flags:0x0
1. C:\Windows\system32\LogonUI.exe
   "LogonUI.exe" /flags:0x1

What the tree shows: the sandbox launched the sample with cmd /c "<path>", which hands the file to the shell. Evidently no handler is registered for .rar in this image, so the shell fell back to rundll32.exe shell32.dll,OpenAs_RunDLL, the "Open With" dialog. The archive was never extracted and nothing inside it executed, so the 3/10 score reflects an incomplete detonation rather than a clean file. To get a meaningful verdict, resubmit the extracted contents, or run the sample in an image with an archive handler installed.
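As an added example (not part of the sandbox report), the following parser rebuilds a process tree from flattened lines like the ones above, using the depth marker fused onto the end of each line, and flags any file the shell handed to the Open With dialog, i.e. a submitted sample that was never opened by a real handler. The line format and the single-digit depth marker are assumptions modelled on this page; the input lines are constructed copies of the tree shown here.

```python
"""Rebuild a flattened sandbox process tree and detect an Open With fallback.

Added example; not the sandbox's own code. Line format assumed from this page:
    <image path><command line><depth>⤵
with a single-digit depth (an assumption; trees deeper than 9 are not handled).
"""
import re
from dataclasses import dataclass, field

# Constructed input, copied from the process tree in this report.
SAMPLE_LINES = [
    'C:\\Windows\\system32\\cmd.execmd /c "C:\\Users\\Admin\\AppData\\Local\\Temp\\CARGO ARRIVAL.lzh.rar"1⤵',
    'C:\\Windows\\system32\\rundll32.exe"C:\\Windows\\system32\\rundll32.exe" '
    'C:\\Windows\\system32\\shell32.dll,OpenAs_RunDLL '
    'C:\\Users\\Admin\\AppData\\Local\\Temp\\CARGO ARRIVAL.lzh.rar2⤵',
    'C:\\Windows\\explorer.exe"C:\\Windows\\explorer.exe"1⤵',
    'C:\\Windows\\system32\\LogonUI.exe"LogonUI.exe" /flags:0x01⤵',
    'C:\\Windows\\system32\\LogonUI.exe"LogonUI.exe" /flags:0x11⤵',
]

# image: drive letter, then the shortest run up to the first ".exe" (no quotes
# appear in the image path); cmd: everything else; depth: one digit before ⤵.
LINE_RE = re.compile(r'^(?P<image>[A-Za-z]:\\[^"]*?\.exe)(?P<cmd>.*?)(?P<depth>\d)⤵$')

# rundll32.exe shell32.dll,OpenAs_RunDLL <file> is the shell's Open With dialog.
OPEN_WITH_RE = re.compile(r'shell32\.dll,OpenAs_RunDLL\s+(?P<target>.+)$', re.IGNORECASE)


@dataclass
class Proc:
    image: str
    cmdline: str
    depth: int
    children: list = field(default_factory=list)


def parse_tree(lines):
    """Turn flattened lines into a list of root Proc nodes using depth markers."""
    roots, stack = [], []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            raise ValueError(f"unrecognised process line: {line!r}")
        proc = Proc(m['image'], m['cmd'], int(m['depth']))
        # Pop until the top of the stack is a shallower node: that is the parent.
        while stack and stack[-1].depth >= proc.depth:
            stack.pop()
        (stack[-1].children if stack else roots).append(proc)
        stack.append(proc)
    return roots


def iter_procs(nodes):
    """Depth-first walk over every Proc in the tree."""
    for node in nodes:
        yield node
        yield from iter_procs(node.children)


def unhandled_targets(roots):
    """Files the shell could not open with a registered handler.

    Each hit is the argument passed to OpenAs_RunDLL by a rundll32.exe process,
    with surrounding quotes stripped.
    """
    hits = []
    for proc in iter_procs(roots):
        if proc.image.lower().endswith('\\rundll32.exe'):
            m = OPEN_WITH_RE.search(proc.cmdline)
            if m:
                hits.append(m['target'].strip().strip('"'))
    return hits


def sample_was_handled(roots, sample_name):
    """False when the submitted sample ended up in the Open With dialog."""
    return not any(t.lower().endswith(sample_name.lower()) for t in unhandled_targets(roots))


if __name__ == "__main__":
    tree = parse_tree(SAMPLE_LINES)
    for proc in iter_procs(tree):
        print("  " * (proc.depth - 1) + proc.image)
    handled = sample_was_handled(tree, "CARGO ARRIVAL.lzh.rar")
    print("sample opened by a real handler:", handled)
```

Run against a report where the sample did detonate, unhandled_targets() returns an empty list; a non-empty list means the verdict below is about the Open With dialog, not the file, and the run should be repeated with a handler present.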
Network
MITRE ATT&CK Matrix ATT&CK v6
Downloads
Memory dumps taken during the run (file names are <pid>-<index>-<address range>; PID 1656 is cmd.exe and PID 1240 is rundll32.exe per the IoC table above):
- memory/1092-66-0x00000000026E0000-0x00000000026E1000-memory.dmp (4KB)
- memory/1240-60-0x0000000000000000-mapping.dmp
- memory/1328-64-0x00000000027C0000-0x00000000027C1000-memory.dmp (4KB)
- memory/1656-59-0x000007FEFBFF1000-0x000007FEFBFF3000-memory.dmp (8KB)