Analysis
-
max time kernel
123s -
max time network
123s -
platform
windows10_x64 -
resource
win10-en-20211014 -
submitted
17-11-2021 07:30
Static task
static1
Behavioral task
behavioral1
Sample
.d.tar/boner
Resource
ubuntu1804-amd64-en-20211025
Behavioral task
behavioral2
Sample
.d.tar/cosynus
Resource
ubuntu1804-amd64-en-20211025
Behavioral task
behavioral3
Sample
.d.tar/main
Resource
ubuntu1804-amd64-en-20211025
Behavioral task
behavioral4
Sample
.d.tar/main
Resource
debian9-mipsel-en-20211025
Behavioral task
behavioral5
Sample
.d.tar/main
Resource
debian9-mipsbe-en-20211025
Behavioral task
behavioral6
Sample
.d.tar/main
Resource
debian9-armhf-en-20211025
Behavioral task
behavioral7
Sample
.d.tar/send_vuln.py
Resource
win7-en-20211014
Behavioral task
behavioral8
Sample
.d.tar/send_vuln.py
Resource
win10-en-20211014
General
-
Target
.d.tar/send_vuln.py
-
Size
1KB
-
MD5
dbb01b6d40b0efa19bd887640685e3b6
-
SHA1
638108b2217b21843ba7f1c80a95f756e5e2310d
-
SHA256
6988f670c3cee552792797e7f0aea6e93516bf278b29d3ddce13cedb6c261f3b
-
SHA512
89149ce817b1c19c531c08e53aabe3964148ac24ccfbb56d323d3255db64f42f93ce4e0b213d996c6d84d4bb5f6930a74d3cccb9f467acbe86077071ab6ca03b
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Modifies registry class 2 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-21-941723256-3451054534-3089625102-1000_Classes\Local Settings cmd.exe Key created \REGISTRY\USER\S-1-5-21-941723256-3451054534-3089625102-1000_Classes\Local Settings OpenWith.exe -
Suspicious use of SetWindowsHookEx 1 IoCs
pid Process 3512 OpenWith.exe