Overview

overview

10

Static

static

10

image.cmd.exe

windows7_x64

3

image.cmd.exe

windows10-2004_x64

7

Analysis

  • max time kernel
    118s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-en-20211208
  • submitted
    17/01/2022, 16:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    image.cmd.exe

  • Size

    3.1MB

  • MD5

    6f16cdd2022697146305e80f3a0b0d18

  • SHA1

    67ba9eeaf24aa39a5bfd0d385cdd8fa756f4405e

  • SHA256

    a75b04b359e9fba84407f4763ee90c36031685de4ea4b38020f9913b815baf71

  • SHA512

    6121c3872a52c54314c158b4b05b144c439d5d3a87ed59616fc241926a4df2097a2c455901a7b5b6b0a603fd107ed6c19ac6a58d635f8a0bb2d9d5e46fb4c6e5

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\image.cmd.exe
    "C:\Users\Admin\AppData\Local\Temp\image.cmd.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1592
    • C:\Windows\SysWOW64\cmd.exe
      cmd.exe /c C:\Users\Admin\AppData\Local\Temp\FILE.bmp
      2⤵
        PID:752
    • C:\Windows\SysWOW64\DllHost.exe
      C:\Windows\SysWOW64\DllHost.exe /Processid:{76D0CB12-7604-4048-B83C-1005C7DDC503}
      1⤵
      • Suspicious use of FindShellTrayWindow
      PID:1788

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/752-60-0x0000000000700000-0x0000000000702000-memory.dmp

      Filesize

      8KB

      Download

    • memory/1592-54-0x0000000000230000-0x0000000000236000-memory.dmp

      Filesize

      24KB

      Download

    • memory/1592-55-0x0000000000230000-0x000000000023A000-memory.dmp

      Filesize

      40KB

      Download

    • memory/1592-56-0x0000000075D51000-0x0000000075D53000-memory.dmp

      Filesize

      8KB

      Download

    • memory/1788-61-0x0000000000220000-0x0000000000222000-memory.dmp

      Filesize

      8KB

      Download

    • memory/1788-62-0x0000000000340000-0x0000000000341000-memory.dmp

      Filesize

      4KB

      Download