Overview
overview
10Static
static
Invoice-06-0922.iso
windows7_x64
3Invoice-06-0922.iso
windows10-2004_x64
31204.ps1
windows7_x64
11204.ps1
windows10-2004_x64
10Scan_314.jpg
windows7_x64
3Scan_314.jpg
windows10-2004_x64
3Scan_314.jpg.lnk
windows7_x64
3Scan_314.jpg.lnk
windows10-2004_x64
10x.txt
windows7_x64
1x.txt
windows10-2004_x64
1Analysis
-
max time kernel
42s -
max time network
49s -
platform
windows7_x64 -
resource
win7-20220414-en -
submitted
02-06-2022 20:53
Static task
static1
Behavioral task
behavioral1
Sample
Invoice-06-0922.iso
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
Invoice-06-0922.iso
Resource
win10v2004-20220414-en
Behavioral task
behavioral3
Sample
1204.ps1
Resource
win7-20220414-en
Behavioral task
behavioral4
Sample
1204.ps1
Resource
win10v2004-20220414-en
Behavioral task
behavioral5
Sample
Scan_314.jpg
Resource
win7-20220414-en
Behavioral task
behavioral6
Sample
Scan_314.jpg
Resource
win10v2004-20220414-en
Behavioral task
behavioral7
Sample
Scan_314.jpg.lnk
Resource
win7-20220414-en
Behavioral task
behavioral8
Sample
Scan_314.jpg.lnk
Resource
win10v2004-20220414-en
Behavioral task
behavioral9
Sample
x.txt
Resource
win7-20220414-en
Behavioral task
behavioral10
Sample
x.txt
Resource
win10v2004-20220414-en
General
-
Target
Scan_314.jpg
-
Size
88KB
-
MD5
f9b2333cc7e93568486a672225f2dd69
-
SHA1
c0143893cd2461fb2dc2c84330c1bf469dc93c34
-
SHA256
7e3875bf31005d9d352d9b029e4364df19dccf6c77f16539ca974f224a30347c
-
SHA512
d30732aba584782ef2783f388ca9183f9c4b02ec6b3e8741a91fae152f2bae19b655a53d19fc2cdbf85a0da3621d0de6c50129435b6ba937a083416d2d22c7f1
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious use of FindShellTrayWindow 1 IoCs
Processes:
rundll32.exepid process 1080 rundll32.exe