Analysis

  • max time kernel
    43s
  • max time network
    46s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    22-05-2022 14:04

General

  • Target

    shellcode.bin

  • Size

    354B

  • MD5

    3dd3714c2475f68df25f22972b0daf6b

  • SHA1

    4caa405a4d9df21a40f38cac01110724294ad053

  • SHA256

    1977de5a672256d048086b075e28afda2c54b4f42bd4de75ecaeceeba699e87e

  • SHA512

    06d886bc2e359bafc827ed273160472b37b68d5d550b4e7c3c460fe9024a0715b3c248a076d40639f3019af6e5cf3380da2c68ef7a33ff5f5de56c80e696b67c

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies registry class 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\shellcode.bin
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1836
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\shellcode.bin
      2⤵
      • Modifies registry class
      PID:1688

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1688-76-0x0000000000000000-mapping.dmp
  • memory/1836-54-0x000007FEFC461000-0x000007FEFC463000-memory.dmp
    Filesize

    8KB