Overview
overview
10Static
static
Document-1310.iso
windows7_x64
3Document-1310.iso
windows10-2004_x64
31662.ps1
windows7_x64
11662.ps1
windows10-2004_x64
10Scan_139.jpg
windows7_x64
3Scan_139.jpg
windows10-2004_x64
3Scan_139.jpg.lnk
windows7_x64
3Scan_139.jpg.lnk
windows10-2004_x64
10x.txt
windows7_x64
1x.txt
windows10-2004_x64
1Analysis
-
max time kernel
76s -
max time network
134s -
platform
windows10-2004_x64 -
resource
win10v2004-20220414-en -
submitted
02-06-2022 19:49
Static task
static1
Behavioral task
behavioral1
Sample
Document-1310.iso
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
Document-1310.iso
Resource
win10v2004-20220414-en
Behavioral task
behavioral3
Sample
1662.ps1
Resource
win7-20220414-en
Behavioral task
behavioral4
Sample
1662.ps1
Resource
win10v2004-20220414-en
Behavioral task
behavioral5
Sample
Scan_139.jpg
Resource
win7-20220414-en
Behavioral task
behavioral6
Sample
Scan_139.jpg
Resource
win10v2004-20220414-en
Behavioral task
behavioral7
Sample
Scan_139.jpg.lnk
Resource
win7-20220414-en
Behavioral task
behavioral8
Sample
Scan_139.jpg.lnk
Resource
win10v2004-20220414-en
Behavioral task
behavioral9
Sample
x.txt
Resource
win7-20220414-en
Behavioral task
behavioral10
Sample
x.txt
Resource
win10v2004-20220414-en
General
-
Target
Document-1310.iso
-
Size
338KB
-
MD5
ba10e6e571578304126a889202571e1b
-
SHA1
4a5d5a50503bc96e50b103981f05373982ecf307
-
SHA256
692ad829cb6c9788998acb106ea4d8311e432c866d082ac3cc117166ac50080d
-
SHA512
aa0971e9169786e65407aae13a05b23710abda00c23d5103434ac655183670248a19736153c2528661f6dd7fcf46bc03df2c9264b84e24464aaa7ad916f6c40b
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Modifies registry class 1 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000_Classes\Local Settings cmd.exe -
Suspicious behavior: LoadsDriver 1 IoCs
pid Process 3632 cmd.exe