Overview

Tasks (score / sample / platform):
10  Static
8   challenge-files.zip (windows10-2004-x64)
1   challenge-...top.gz (windows10-2004-x64)
3   Stairs.txt (windows10-2004-x64)
1   challenge-...sk.txt (windows10-2004-x64)
3   challenge-...64.dll (windows10-2004-x64)
10  challenge-...st.hta (windows10-2004-x64)
7   challenge-...st.dll (windows10-2004-x64)
10  challenge-...1.docm (windows10-2004-x64)
10  challenge-...c.pcap (windows10-2004-x64)
3   challenge-...se.dat (windows10-2004-x64)
Analysis

- max time kernel: 142s
- max time network: 140s
- platform: windows10-2004_x64
- resource: win10v2004-20220722-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20220722-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 10-08-2022 19:06
Behavioral tasks

- behavioral1: challenge-files.zip (resource: win10v2004-20220721-en)
- behavioral2: challenge-files/challenge-files/2021-06-02-fake-gzip-file-from-supplementik.top.gz (resource: win10v2004-20220721-en)
- behavioral3: Stairs.txt (resource: win10v2004-20220721-en)
- behavioral4: challenge-files/challenge-files/2021-06-02-scheduled-task.txt (resource: win10v2004-20220721-en)
- behavioral5: challenge-files/challenge-files/Tetoomdu64.dll (resource: win10v2004-20220721-en)
- behavioral6: challenge-files/challenge-files/collectionBoxConst.hta (resource: win10v2004-20220722-en)
- behavioral7: challenge-files/challenge-files/collectionBoxConst.dll (resource: win10v2004-20220721-en)
- behavioral8: challenge-files/challenge-files/docs 06.02.2021.docm (resource: win10v2004-20220721-en)
- behavioral9: challenge-files/challenge-files/infection-traffic.pcap (resource: win10v2004-20220721-en)
- behavioral10: challenge-files/challenge-files/license.dat (resource: win10v2004-20220721-en)
General

- Target: challenge-files/challenge-files/collectionBoxConst.hta
- Size: 3KB
- MD5: 99a1a4391c6be3ac5f137c0a092d8edd
- SHA1: 34afc663a569d0ba183c73ab40ae8d682273d193
- SHA256: b25865183c5cd2c5e550aca8476e592b62ed3e37e6b628f955bbed454fdbb100
- SHA512: 45e5b38d72add4d28234b539071a3cb4059c9c104b5389a43190fd3197843e103fdaf7552c1edcb9bbbabe15b122a8bef0389ce39d6130b438a835c4c2d4f345
Malware Config
Signatures

- Checks computer location settings (2 TTPs, 1 IoC)
  Looks up country code configured in the registry, likely geofence.
  Processes: mshta.exe
  description: Key value queried
  ioc: \REGISTRY\USER\S-1-5-21-3463845317-933582289-45817732-1000\Control Panel\International\Geo\Nation
  process: mshta.exe

- Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes: mshta.exe
  description: PID 1044 wrote to memory of 3620 | pid: 1044 | process: mshta.exe | target process: rundll32.exe
  description: PID 1044 wrote to memory of 3620 | pid: 1044 | process: mshta.exe | target process: rundll32.exe
  description: PID 1044 wrote to memory of 3620 | pid: 1044 | process: mshta.exe | target process: rundll32.exe
Processes

1. C:\Windows\SysWOW64\mshta.exe
   Command line: C:\Windows\SysWOW64\mshta.exe "C:\Users\Admin\AppData\Local\Temp\challenge-files\challenge-files\collectionBoxConst.hta" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}
   - Checks computer location settings
   - Suspicious use of WriteProcessMemory

   2. C:\Windows\SysWOW64\rundll32.exe (child of process 1)
      Command line: "C:\Windows\System32\rundll32.exe" c:\users\public\collectionBoxConst.jpg,PluginInit
Network
MITRE ATT&CK Matrix (ATT&CK v6)
Downloads

- memory/3620-132-0x0000000000000000-mapping.dmp