Overview

overview

10

Static

static

10

2022-06-16...ts.zip

windows7_x64

1

2022-06-16...ts.zip

windows10-2004_x64

1

2022-06-16...ke.txt

windows7_x64

1

2022-06-16...ke.txt

windows10-2004_x64

1

2022-06-16...LL.dll

windows7_x64

1

2022-06-16...LL.dll

windows10-2004_x64

1

2022-06-16...ff.bin

windows7_x64

3

2022-06-16...ff.bin

windows10-2004_x64

3

2022-06-16...bs.txt

windows7_x64

1

2022-06-16...bs.txt

windows10-2004_x64

1

2022-06-16...gv.bin

windows7_x64

3

2022-06-16...gv.bin

windows10-2004_x64

3

2022-06-16...us.txt

windows7_x64

1

2022-06-16...us.txt

windows10-2004_x64

1

2022-06-16...ry.bin

windows7_x64

3

2022-06-16...ry.bin

windows10-2004_x64

3

2022-06-16...LL.dll

windows7_x64

1

2022-06-16...LL.dll

windows10-2004_x64

1

2022-06-16...px.txt

windows7_x64

1

2022-06-16...px.txt

windows10-2004_x64

1

SCAN-016063.html

windows7_x64

1

SCAN-016063.html

windows10-2004_x64

1

SCAN-01606...le.zip

windows7_x64

1

SCAN-01606...le.zip

windows10-2004_x64

1

SCAN-016063.pdf.msi

windows7_x64

10

SCAN-016063.pdf.msi

windows10-2004_x64

10

SCAN-016063.html

windows7_x64

1

SCAN-016063.html

windows10-2004_x64

1

SCAN-016063.pdf.msi

windows7_x64

10

SCAN-016063.pdf.msi

windows10-2004_x64

10

SCAN-026764.html

windows7_x64

1

SCAN-026764.html

windows10-2004_x64

1

Analysis

  • max time kernel
    91s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    20-06-2022 12:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2022-06-16-telemetrysystemcollection.com-m8YYdu-mCQ2U9-home.aspx-converted-to-XOR-ed-binary.bin

  • Size

    591KB

  • MD5

    97fc6726f396c4b86bc84ca97e787637

  • SHA1

    ad6e5024a0be6f69370e7a0482a2baa27c4a25be

  • SHA256

    a5b06297d86aee3c261df7415a4fa873f38bd5573523178000d89a8d5fd64b9a

  • SHA512

    52224bf00b3b54dfc74f64b7635a47fd065180c1df2afc26931273eb3b9784f11b09321686c371cf4fc9447dc693ae00308d5b6b285f290f9c65130b9b698a41

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies registry class 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\2022-06-16-telemetrysystemcollection.com-m8YYdu-mCQ2U9-home.aspx-converted-to-XOR-ed-binary.bin
    1⤵
    • Modifies registry class
    PID:3888
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3180

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads