Overview
overview: 10
Static
static
order.lnk (windows7-x64): 3
order.lnk (windows10-2004-x64): 3
year/day.jpg (windows7-x64): 3
year/day.jpg (windows10-2004-x64): 3
year/make.dll (windows7-x64): 10
year/make.dll (windows10-2004-x64): 10
year/new.gif (windows7-x64): 1
year/new.gif (windows10-2004-x64): 1
year/worker.cmd (windows7-x64): 1
year/worker.cmd (windows10-2004-x64): 1
year/worker.js (windows7-x64): 1
year/worker.js (windows10-2004-x64): 1
Analysis
max time kernel: 91s
max time network: 144s
platform: windows10-2004_x64
resource: win10v2004-20220715-en
resource tags: arch:x64 arch:x86 image:win10v2004-20220715-en locale:en-us os:windows10-2004-x64 system
submitted: 20/07/2022, 21:21
Static task: static1
Behavioral task: behavioral1, Sample: order.lnk, Resource: win7-20220718-en
Behavioral task: behavioral2, Sample: order.lnk, Resource: win10v2004-20220715-en
Behavioral task: behavioral3, Sample: year/day.jpg, Resource: win7-20220715-en
Behavioral task: behavioral4, Sample: year/day.jpg, Resource: win10v2004-20220414-en
Behavioral task: behavioral5, Sample: year/make.dll, Resource: win7-20220715-en
Behavioral task: behavioral6, Sample: year/make.dll, Resource: win10v2004-20220414-en
Behavioral task: behavioral7, Sample: year/new.gif, Resource: win7-20220718-en
Behavioral task: behavioral8, Sample: year/new.gif, Resource: win10v2004-20220718-en
Behavioral task: behavioral9, Sample: year/worker.cmd, Resource: win7-20220718-en
Behavioral task: behavioral10, Sample: year/worker.cmd, Resource: win10v2004-20220414-en
Behavioral task: behavioral11, Sample: year/worker.js, Resource: win7-20220715-en
Behavioral task: behavioral12, Sample: year/worker.js, Resource: win10v2004-20220715-en
General
Target: order.lnk
Size: 1KB
MD5: 65f6162dcceb758b973278fe7a4ec800
SHA1: 1be2502ed38a1e3fdc91e859d91a7f56888eead4
SHA256: bec5dae7f8dad5b86c755b5ce851551cc2afc52a50f4317f1e745250ca80d635
SHA512: dc903be52d39d40cd13471ddc08c6f1f4edcb2635089caf9c846794ab4b74526b4924824b85dc78f36aa88d9097b345c059a5546378dd3161bc3c7d4253b5486
Malware Config
Signatures
Enumerates physical storage devices (1 TTPs)
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.