Overview

overview

10

Static

static

Document-1310.iso

windows7_x64

3

Document-1310.iso

windows10-2004_x64

3

1662.ps1

windows7_x64

1

1662.ps1

windows10-2004_x64

10

Scan_139.jpg

windows7_x64

3

Scan_139.jpg

windows10-2004_x64

3

Scan_139.jpg.lnk

windows7_x64

3

Scan_139.jpg.lnk

windows10-2004_x64

10

x.txt

windows7_x64

1

x.txt

windows10-2004_x64

1

Resubmissions

05-06-2022 15:10

220605-sj6zqabfd5 8

02-06-2022 19:49

220602-yjvvcabad9 10

Analysis

  • max time kernel
    76s
  • max time network
    134s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    02-06-2022 19:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Document-1310.iso

  • Size

    338KB

  • MD5

    ba10e6e571578304126a889202571e1b

  • SHA1

    4a5d5a50503bc96e50b103981f05373982ecf307

  • SHA256

    692ad829cb6c9788998acb106ea4d8311e432c866d082ac3cc117166ac50080d

  • SHA512

    aa0971e9169786e65407aae13a05b23710abda00c23d5103434ac655183670248a19736153c2528661f6dd7fcf46bc03df2c9264b84e24464aaa7ad916f6c40b

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies registry class 1 IoCs
  • Suspicious behavior: LoadsDriver 1 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\Document-1310.iso
    1⤵
    • Modifies registry class
    • Suspicious behavior: LoadsDriver
    PID:3632

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads