Overview

overview

3

Static

static

docs_invoice_173.iso

windows7_x64

3

docs_invoice_173.iso

windows10-2004_x64

3

Resubmissions

10-04-2022 01:27

220410-bvcftafdg7 3

10-04-2022 01:26

220410-btybwsccap 10

22-03-2022 15:08

220322-shwscscegp 10

Analysis

  • max time kernel
    1410s
  • max time network
    1233s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220331-en
  • submitted
    10-04-2022 01:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    docs_invoice_173.iso

  • Size

    210KB

  • MD5

    e051009b12b37c7ee16e810c135f1fef

  • SHA1

    415b27cd03d3d701a202924c26d25410ea0974d7

  • SHA256

    5bc00ad792d4ddac7d8568f98a717caff9d5ef389ed355a15b892cc10ab2887b

  • SHA512

    8ea0b905d829896c4a8380de578bced89b16c0be9b293f949ac4aa81679cc07da2ef71e9315c9f125cbf7d4c743ffb939671d64126c53437cad2311a73cf2cf7

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies registry class 1 IoCs
  • Suspicious behavior: LoadsDriver 4 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\docs_invoice_173.iso
    1⤵
    • Modifies registry class
    • Suspicious behavior: LoadsDriver
    PID:2844
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
      PID:2372

    Network

    MITRE ATT&CK Matrix ATT&CK v6

    Initial Access

    Execution

    Persistence

    Privilege Escalation

    Defense Evasion

    Credential Access

    Discovery

    System Information Discovery

    1
    T1082

    Lateral Movement

    Collection

    Exfiltration

    Command and Control

    Impact

    Replay Monitor

    Loading Replay Monitor...

    Downloads