Analysis
- max time kernel: 40s
- max time network: 44s
- platform: windows7_x64
- resource: win7-20220414-en
- submitted: 09-06-2022 16:10
Static task
- static1

Behavioral tasks (sample on resource)
- behavioral1: ScannedDocuments_8080655.lnk on win7-20220414-en
- behavioral2: ScannedDocuments_8080655.lnk on win10-20220414-en
- behavioral3: ScannedDocuments_8080655.lnk on win10v2004-20220414-en
- behavioral4: ScannedDocuments_8080655.lnk on win11-20220223-en
- behavioral5: local.dll on win7-20220414-en
- behavioral6: local.dll on win10-20220414-en
- behavioral7: local.dll on win10v2004-20220414-en
- behavioral8: local.dll on win11-20220223-en
General
- Target: ScannedDocuments_8080655.lnk
- Size: 1KB
- MD5: a43c525371ce9f2fcccba240a1fc5a33
- SHA1: 9ec61778e8605c7bd304f84f0867ada794a2d9f0
- SHA256: 89532ec32e52234cef6c82443cc08d3b9461d0a87d1cde778d8b5dfe34c54022
- SHA512: c405eae2c58cbca8005a4396b8572dcc7c82ba08a91b3cb83f9892b44204dfea44a8214804ed9addff6de6c21cf70888a8afc7c98cdca35681970d387780aad4
Malware Config
Signatures
- Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
  "Likely ransomware behaviour" is the sandbox's fixed description for this generic drive-enumeration signature, and it fires on many samples that are not ransomware; for a 1KB LNK whose only other recorded behaviour is launching rundll32.exe, treat it as a weak hint rather than a classification.
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes (three identical rows, i.e. the same parent/child pair):
  description: wrote to memory of 896 | PID: 1380 | process: cmd.exe | target PID: 896 | target process: rundll32.exe
  This signature fires on ordinary child-process creation as well as on injection, because the parent writes into the new process's memory while setting it up. Here it records that cmd.exe (PID 1380) launched rundll32.exe (PID 896); that cmd.exe -> rundll32.exe chain, started from a document-named LNK, is the behaviour worth pulling the command line for, not a separate injection step.
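The WriteProcessMemory rows above come out of the report as one run-together line, and the same edge is repeated three times. The following Python is an added example (not part of the sandbox report or its tooling) that parses that flattened text into parent/child edges, collapses the duplicates, and flags a shell spawning a LOLBin such as rundll32.exe. The regex field order, the SHELLS and SUSPICIOUS_CHILDREN lists, and the extra explorer.exe -> notepad.exe row are assumptions constructed for the example.

```python
import re
from collections import Counter

# Constructed input: the report's three "wrote to memory of" rows, plus one
# constructed benign-looking row so the non-flagged path is exercised too.
IOC_TEXT = """
PID 1380 wrote to memory of 896 1380 cmd.exe rundll32.exe
PID 1380 wrote to memory of 896 1380 cmd.exe rundll32.exe
PID 1380 wrote to memory of 896 1380 cmd.exe rundll32.exe
PID 4120 wrote to memory of 4188 4120 explorer.exe notepad.exe
"""

# Assumed field order of one flattened row:
#   "PID <pid> wrote to memory of <target_pid> <pid> <process> <target process>"
# The back-reference (?P=pid) requires the repeated PID to match, which keeps
# a row from being mis-split when several rows sit on one line.
IOC_RE = re.compile(
    r"PID\s+(?P<pid>\d+)\s+wrote to memory of\s+(?P<tpid>\d+)\s+"
    r"(?P=pid)\s+(?P<proc>\S+)\s+(?P<target>\S+)"
)

# Hypothetical triage lists for this example: a shell parent launching one of
# these children from a document-named lure is worth a closer look.
SHELLS = {"cmd.exe", "powershell.exe"}
SUSPICIOUS_CHILDREN = {"rundll32.exe", "regsvr32.exe", "mshta.exe",
                       "powershell.exe", "wscript.exe", "cscript.exe"}


def parse_iocs(text):
    """Return every row as (pid, process, target_pid, target_process).

    finditer is used over the whole text, so rows that extraction ran
    together on a single line are still split correctly.
    """
    return [(int(m["pid"]), m["proc"].lower(), int(m["tpid"]), m["target"].lower())
            for m in IOC_RE.finditer(text)]


def dedupe(rows):
    """Collapse identical rows into {row: times_seen}."""
    return dict(Counter(rows))


def flag_chains(rows):
    """Distinct edges where a shell launches a suspicious child, sorted by PID."""
    return sorted(r for r in set(rows)
                  if r[1] in SHELLS and r[3] in SUSPICIOUS_CHILDREN)


if __name__ == "__main__":
    rows = parse_iocs(IOC_TEXT)
    for (pid, proc, tpid, target), seen in dedupe(rows).items():
        print(f"{proc} ({pid}) -> {target} ({tpid}) seen {seen}x")
    for pid, proc, tpid, target in flag_chains(rows):
        print(f"FLAG: {proc} PID {pid} spawned {target} PID {tpid}")
```

Feeding the report's original single-line form into parse_iocs yields the same three rows; dedupe then shows one edge seen three times, and flag_chains returns only the cmd.exe -> rundll32.exe pair.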