Overview

overview

10

Static

static

10

Log4J Malw...26f.7z

windows7_x64

3

Log4J Malw...26f.7z

windows10-2004_x64

3

90ee1a8e8f...c7d26f

linux_amd64

6e25ad0310...8b.elf

linux_amd64

7e9663f872...512.sh

linux_amd64

7e9663f872...512.sh

linux_armhf

7e9663f872...512.sh

linux_mips

7e9663f872...512.sh

linux_mipsel

10fad59b07...2b4513

linux_amd64

10fad59b07...2b4513

linux_armhf

10fad59b07...2b4513

linux_mips

10fad59b07...2b4513

linux_mipsel

3f6120ca0f...d26.sh

windows7_x64

3

3f6120ca0f...d26.sh

windows10-2004_x64

3

776c341504...abcc00

linux_amd64

15e7942ebf...79b36b

linux_mips

e7c5b3de93...cc0e82

linux_amd64

Analysis

  • max time kernel
    109s
  • max time network
    127s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    13/05/2022, 16:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Log4J Malware/Elknot/90ee1a8e8f0ea5085b83b8efe174674a93260b599729bf53e1b140e2acc7d26f.7z

  • Size

    362KB

  • MD5

    86a016b9b15f8b409b1b022069c1eb42

  • SHA1

    fbed2f40fac21a2ef654026e37eafb82fb9f4ca5

  • SHA256

    f43aa2f2aad2308deeb2d2f5f01280f1a544412d8805422a7714d9bf758c4fe1

  • SHA512

    49d7c6b2b64903b149c0337a7ee7463a6e6fa8abcf3a6d2c7456f854b5f8b53535280d936a2499d803e1258b25994ed805ae90f197ba18ad81301627c7c26430

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies registry class 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\Log4J Malware\Elknot\90ee1a8e8f0ea5085b83b8efe174674a93260b599729bf53e1b140e2acc7d26f.7z"
    1⤵
    • Modifies registry class
    PID:5104
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:2328

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads