Analysis
max time kernel: 199s
max time network: 205s
platform: windows10-2004_x64
resource: win10v2004-20220722-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220722-en, locale:en-us, os:windows10-2004-x64, system
submitted: 27-07-2022 18:52
Behavioral task: behavioral1
Sample: 57d2eb5dae4dd6a0a3f972adb4dbd27262e1155b839acaaa9ee72657d6d58c31.rar
Resource: win7-20220715-en

Behavioral task: behavioral2
Sample: 57d2eb5dae4dd6a0a3f972adb4dbd27262e1155b839acaaa9ee72657d6d58c31.rar
Resource: win10v2004-20220722-en

Behavioral task: behavioral3
Sample: Setup/Setup.exe
Resource: win7-20220718-en
General
Target: 57d2eb5dae4dd6a0a3f972adb4dbd27262e1155b839acaaa9ee72657d6d58c31.rar
Size: 7.8MB
MD5: dd41905013365151acce0fb08d1eb0de
SHA1: a25b70dc55692569b19e571e8cfce96a0d30cccd
SHA256: 57d2eb5dae4dd6a0a3f972adb4dbd27262e1155b839acaaa9ee72657d6d58c31
SHA512: 461f524cfd83072da284839032fc15e93fdd044142b30008f20ecbdae068afb184757a00b12118515d978b92ec2c3b10e3a8575daf13c6f6589e5cbf8278037f
Malware Config
Signatures

Enumerates physical storage devices (1 TTPs)
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

Modifies registry class (2 IoCs)
Processes: OpenWith.exe, cmd.exe
description | ioc | process
Key created | \REGISTRY\USER\S-1-5-21-3463845317-933582289-45817732-1000_Classes\Local Settings | OpenWith.exe
Key created | \REGISTRY\USER\S-1-5-21-3463845317-933582289-45817732-1000_Classes\Local Settings | cmd.exe

Suspicious use of SetWindowsHookEx (1 IoCs)
Processes: OpenWith.exe
pid | process
1652 | OpenWith.exe
Processes

C:\Windows\system32\cmd.exe
  cmd /c C:\Users\Admin\AppData\Local\Temp\57d2eb5dae4dd6a0a3f972adb4dbd27262e1155b839acaaa9ee72657d6d58c31.rar
  - Modifies registry class

C:\Windows\system32\OpenWith.exe
  C:\Windows\system32\OpenWith.exe -Embedding
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx