Analysis
- max time kernel: 304s
- max time network: 838s
- platform: windows10_x64
- resource: win10-en-20211104
- submitted: 05-12-2021 21:27
Static task: static1
Behavioral task behavioral1: Sample IlusionChecker.7z, Resource win7-en-20211104
Behavioral task behavioral2: Sample IlusionChecker.7z, Resource win10-en-20211014
Behavioral task behavioral3: Sample IlusionChecker.7z, Resource win7-en-20211104
Behavioral task behavioral4: Sample IlusionChecker.7z, Resource win10-en-20211014
Behavioral task behavioral5: Sample IlusionChecker.7z, Resource win7-en-20211104
Behavioral task behavioral6: Sample IlusionChecker.7z, Resource win10-en-20211104
General
- Target: IlusionChecker.7z
- Size: 3.6MB
- MD5: ffdcbdd06ed59b0c4a507cac8d575913
- SHA1: de5e9d4384db0866f083db001217373b34451ea6
- SHA256: eefc3d0a6af3df17b4c97f8404509550aa8eb99b3757a0ba4590c6bce88c96ca
- SHA512: 09765eac9a6f6dd493a6907e20f07e756ae443bdb7a2e10233161e179fc46669fa5796b91df57a3e5cf3607d1f9fb4ab33e002e2b596699115b624f09b3dc5b5
Malware Config
Signatures
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
- Modifies registry class (2 IoCs)
  Processes: cmd.exe, OpenWith.exe
  description | ioc | process
  Key created | \REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000_Classes\Local Settings | cmd.exe
  Key created | \REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000_Classes\Local Settings | OpenWith.exe
- Suspicious use of SetWindowsHookEx (1 IoCs)
  Processes: OpenWith.exe
  pid | process
  3800 | OpenWith.exe