Overview

overview

10

Static

static

10

SUPLY.cmd.exe

windows7_x64

3

SUPLY.cmd.exe

windows10_x64

4

Analysis

  • max time kernel
    122s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-en-20211208
  • submitted
    14/12/2021, 18:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    SUPLY.cmd.exe

  • Size

    1.5MB

  • MD5

    a6395684ced7f9127f03f17bd263f6fd

  • SHA1

    bcd96892630129da75b2faefc7dbf6fcad90c552

  • SHA256

    002f0bfd7f0c174e11f976f38861391e8f9eff093e8c3e36e01d811451c63ebd

  • SHA512

    6e2fb4e4fb122713da25523a861cb8ede4ccceaa8844462d17177c7fb7b9e7d1161cc0324b73b3667ddf4156a2305e670425ad58914568377185aaad1b8dd924

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\SUPLY.cmd.exe
    "C:\Users\Admin\AppData\Local\Temp\SUPLY.cmd.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1676
    • C:\Windows\SysWOW64\cmd.exe
      cmd.exe /c C:\Users\Admin\AppData\Local\Temp\Receipt.bmp
      2⤵
        PID:524
    • C:\Windows\SysWOW64\DllHost.exe
      C:\Windows\SysWOW64\DllHost.exe /Processid:{76D0CB12-7604-4048-B83C-1005C7DDC503}
      1⤵
      • Suspicious use of FindShellTrayWindow
      PID:920

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/524-61-0x00000000006B0000-0x00000000006B2000-memory.dmp

      Filesize

      8KB

      Download

    • memory/920-62-0x0000000000220000-0x0000000000222000-memory.dmp

      Filesize

      8KB

      Download

    • memory/920-63-0x00000000003A0000-0x00000000003A1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1676-55-0x00000000003C0000-0x00000000003C6000-memory.dmp

      Filesize

      24KB

      Download

    • memory/1676-56-0x00000000003C0000-0x00000000003CA000-memory.dmp

      Filesize

      40KB

      Download

    • memory/1676-57-0x0000000075DF1000-0x0000000075DF3000-memory.dmp

      Filesize

      8KB

      Download