Overview

overview

10

Static

static

10

2022-06-16...ts.zip

windows7_x64

1

2022-06-16...ts.zip

windows10-2004_x64

1

2022-06-16...ke.txt

windows7_x64

1

2022-06-16...ke.txt

windows10-2004_x64

1

2022-06-16...LL.dll

windows7_x64

1

2022-06-16...LL.dll

windows10-2004_x64

1

2022-06-16...ff.bin

windows7_x64

3

2022-06-16...ff.bin

windows10-2004_x64

3

2022-06-16...bs.txt

windows7_x64

1

2022-06-16...bs.txt

windows10-2004_x64

1

2022-06-16...gv.bin

windows7_x64

3

2022-06-16...gv.bin

windows10-2004_x64

3

2022-06-16...us.txt

windows7_x64

1

2022-06-16...us.txt

windows10-2004_x64

1

2022-06-16...ry.bin

windows7_x64

3

2022-06-16...ry.bin

windows10-2004_x64

3

2022-06-16...LL.dll

windows7_x64

1

2022-06-16...LL.dll

windows10-2004_x64

1

2022-06-16...px.txt

windows7_x64

1

2022-06-16...px.txt

windows10-2004_x64

1

SCAN-016063.html

windows7_x64

1

SCAN-016063.html

windows10-2004_x64

1

SCAN-01606...le.zip

windows7_x64

1

SCAN-01606...le.zip

windows10-2004_x64

1

SCAN-016063.pdf.msi

windows7_x64

10

SCAN-016063.pdf.msi

windows10-2004_x64

10

SCAN-016063.html

windows7_x64

1

SCAN-016063.html

windows10-2004_x64

1

SCAN-016063.pdf.msi

windows7_x64

10

SCAN-016063.pdf.msi

windows10-2004_x64

10

SCAN-026764.html

windows7_x64

1

SCAN-026764.html

windows10-2004_x64

1

Analysis

  • max time kernel
    90s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    20-06-2022 12:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2022-06-16-extic.icu-empower-type.tiff.bin

  • Size

    205KB

  • MD5

    314a641ee6ef932f4c561388bd539090

  • SHA1

    f20a688766f3c7105b64a6342277879d751de6f3

  • SHA256

    1e9aaf1375d9f7403644b4bea2c6fe679579bf61945ba6bdb54cc7cd7b728211

  • SHA512

    2f6c34bf7bd616a5c5c5fbaefd1fe066a55af17cf599dd4cf2bc0d7185a0557ca38833f2ddbc58d32aa8a9ede2635ce4ffadb49e3f726e7d9ce080c2d1961d5d

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies registry class 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\2022-06-16-extic.icu-empower-type.tiff.bin
    1⤵
    • Modifies registry class
    PID:2188
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:1412

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads