Analysis
-
max time kernel
146s
-
max time network
149s
-
platform
windows10-2004_x64
-
resource
win10v2004-20220414-en
-
submitted
27/06/2022, 18:17
Static task
static1
Behavioral task
behavioral1
Sample
Project Requirements.lnk
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
Project Requirements.lnk
Resource
win10v2004-20220414-en
Behavioral task
behavioral3
Sample
file.dll
Resource
win7-20220414-en
Behavioral task
behavioral4
Sample
file.dll
Resource
win10v2004-20220414-en
Behavioral task
behavioral5
Sample
file.rsp
Resource
win7-20220414-en
Behavioral task
behavioral6
Sample
file.rsp
Resource
win10v2004-20220414-en
General
-
Target
file.rsp
-
Size
15B
-
MD5
1c6a69652e5dcdef6a4c8c8c9e546485
-
SHA1
46e22f9189a4fc3dc8fd91298b0f5e826a17d7ae
-
SHA256
499edadfbca140ed6e915a7fb7769b8f3da33c4d2173ff056f489a07da91dc4e
-
SHA512
c05d4b04a79430c90930d8e841a1bf134990d5e39dd1a3b6c5dd2d8a13a7c0e2b49887cebfa89328a75f45d58f661e6956ce98ed4b1d0d338fd9133286091daf
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Modifies registry class 2 IoCs
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000_Classes\Local Settings | cmd.exe
Key created | \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000_Classes\Local Settings | OpenWith.exe
-
Suspicious use of SetWindowsHookEx 1 IoCs
pid | Process
5020 | OpenWith.exe