Overview
overview
10Static
static
order.lnk
windows7-x64
3order.lnk
windows10-2004-x64
3year/day.jpg
windows7-x64
3year/day.jpg
windows10-2004-x64
3year/make.dll
windows7-x64
10year/make.dll
windows10-2004-x64
10year/new.gif
windows7-x64
1year/new.gif
windows10-2004-x64
1year/worker.cmd
windows7-x64
1year/worker.cmd
windows10-2004-x64
1year/worker.js
windows7-x64
1year/worker.js
windows10-2004-x64
1Analysis
-
max time kernel
151s -
max time network
156s -
platform
windows10-2004_x64 -
resource
win10v2004-20220414-en -
resource tags
arch:x64arch:x86image:win10v2004-20220414-enlocale:en-usos:windows10-2004-x64system -
submitted
20/07/2022, 21:21
Static task
static1
Behavioral task
behavioral1
Sample
order.lnk
Resource
win7-20220718-en
Behavioral task
behavioral2
Sample
order.lnk
Resource
win10v2004-20220715-en
Behavioral task
behavioral3
Sample
year/day.jpg
Resource
win7-20220715-en
Behavioral task
behavioral4
Sample
year/day.jpg
Resource
win10v2004-20220414-en
Behavioral task
behavioral5
Sample
year/make.dll
Resource
win7-20220715-en
Behavioral task
behavioral6
Sample
year/make.dll
Resource
win10v2004-20220414-en
Behavioral task
behavioral7
Sample
year/new.gif
Resource
win7-20220718-en
Behavioral task
behavioral8
Sample
year/new.gif
Resource
win10v2004-20220718-en
Behavioral task
behavioral9
Sample
year/worker.cmd
Resource
win7-20220718-en
Behavioral task
behavioral10
Sample
year/worker.cmd
Resource
win10v2004-20220414-en
Behavioral task
behavioral11
Sample
year/worker.js
Resource
win7-20220715-en
Behavioral task
behavioral12
Sample
year/worker.js
Resource
win10v2004-20220715-en
General
-
Target
year/day.jpg
-
Size
95KB
-
MD5
4af9af4c74fe63e354d0be755089cfd8
-
SHA1
b6563d187ac1715d50eae2181ddc7026af5dc12a
-
SHA256
a28a8f52c41a1f4879e50e44f8fffa12def7624f5794d8b11eb3cf1bd06a6205
-
SHA512
71bc7c2af6050d5b6a62ea12883978f5fe6b8f6794619c5636646ead37dc122b35144babe21eb9d11001b0c041448fc65ccd116eb32f4caa4012cb9336760f36
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.