Analysis
-
max time kernel
1051s -
max time network
844s -
platform
windows7_x64 -
resource
win7-en-20211104 -
submitted
05-12-2021 21:27
General
-
Target
IlusionChecker.7z
-
Size
3.6MB
-
MD5
ffdcbdd06ed59b0c4a507cac8d575913
-
SHA1
de5e9d4384db0866f083db001217373b34451ea6
-
SHA256
eefc3d0a6af3df17b4c97f8404509550aa8eb99b3757a0ba4590c6bce88c96ca
-
SHA512
09765eac9a6f6dd493a6907e20f07e756ae443bdb7a2e10233161e179fc46669fa5796b91df57a3e5cf3607d1f9fb4ab33e002e2b596699115b624f09b3dc5b5
Score
3/10
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Modifies registry class 10 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of SetWindowsHookEx 3 IoCs
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\IlusionChecker.7z1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\IlusionChecker.7z2⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\IlusionChecker.7z"3⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/556-56-0x0000000000000000-mapping.dmp
-
memory/572-58-0x0000000000000000-mapping.dmp
-
memory/572-59-0x0000000074E51000-0x0000000074E53000-memory.dmpFilesize
8KB
-
memory/724-55-0x000007FEFB931000-0x000007FEFB933000-memory.dmpFilesize
8KB