Analysis
  max time kernel:  122s
  max time network: 124s
  platform:         windows7_x64
  resource:         win7-en-20211208
  submitted:        04-01-2022 16:15
Static task
  static1

Behavioral task
  behavioral1
  Sample:   RTGS_COPY.cmd.exe
  Resource: win7-en-20211208
  0 signatures, 0 seconds

Behavioral task
  behavioral2
  Sample:   RTGS_COPY.cmd.exe
  Resource: win10-en-20211208
  0 signatures, 0 seconds
General
  Target: RTGS_COPY.cmd.exe
  Size:   3.7MB
  MD5:    1cdd2dcf1a3545143dc08e0cd3f3fcc0
  SHA1:   30e1d553053985d26cb926303e30aaf8f08fe76a
  SHA256: b7cd89612804eefbea4cc01513408994f8ea65d03a2cd68d07da77d43afd787c
  SHA512: 45562075dae952ebe2701d6a7d92b9af15867f306685680c1448592552b674f050ddd34334796e1e523c208bed6796b9c2264f1fef65a7fb7fdbaf61683cf7dd
  Score:  3/10
Malware Config
  (none)

Signatures

Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
Suspicious use of SetWindowsHookEx (3 IoCs)
  Processes:
    pid   Process
    1928  RTGS_COPY.cmd.exe
    1928  RTGS_COPY.cmd.exe
    1928  RTGS_COPY.cmd.exe
Suspicious use of WriteProcessMemory (4 IoCs)
  Processes:
    description                         pid   Process            procid_target
    PID 1928 wrote to memory of 708     1928  RTGS_COPY.cmd.exe  28
    PID 1928 wrote to memory of 708     1928  RTGS_COPY.cmd.exe  28
    PID 1928 wrote to memory of 708     1928  RTGS_COPY.cmd.exe  28
    PID 1928 wrote to memory of 708     1928  RTGS_COPY.cmd.exe  28