Overview
overview: score 10

Static
static

Claim_Letter.lnk (windows7-x64): score 3
Claim_Letter.lnk (windows10-2004-x64): score 3
about/doGive.bat (windows7-x64): score 1
about/doGive.bat (windows10-2004-x64): score 1
about/justFirst.dll (windows7-x64): score 10
about/justFirst.dll (windows10-2004-x64): score 10
about/wellThing.js (windows7-x64): score 3
about/wellThing.js (windows10-2004-x64): score 1

Analysis
max time kernel: 45s
max time network: 48s
platform: windows7_x64
resource: win7-20220812-en
resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
submitted: 14-09-2022 15:31

Static task: static1

Behavioral task: behavioral1
Sample: Claim_Letter.lnk
Resource: win7-20220812-en

Behavioral task: behavioral2
Sample: Claim_Letter.lnk
Resource: win10v2004-20220901-en

Behavioral task: behavioral3
Sample: about/doGive.bat
Resource: win7-20220812-en

Behavioral task: behavioral4
Sample: about/doGive.bat
Resource: win10v2004-20220812-en

Behavioral task: behavioral5
Sample: about/justFirst.dll
Resource: win7-20220812-en

Behavioral task: behavioral6
Sample: about/justFirst.dll
Resource: win10v2004-20220901-en

Behavioral task: behavioral7
Sample: about/wellThing.js
Resource: win7-20220812-en

Behavioral task: behavioral8
Sample: about/wellThing.js
Resource: win10v2004-20220812-en

General
Target: about/wellThing.js
Size: 208B
MD5: 5f60c99c6a73734338667bf85b2b2b51
SHA1: b9f42f5957d21acd3dbb25d3e5fe56e939e77ca7
SHA256: f53db0cabdb1d9610afcd83f825b126a0f82175bcafbdbd422aeeb15d7f58aa3
SHA512: 15c5d182c4687a3e2a34f86dbeebcdf4793ba0bb9894f2a87d02c5a4211f27417f5c5e8cd9ca0e40b640faf5061c15eeb582ef14296941e3c31098aeaeab04cd

Malware Config
Signatures
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
Processes
Network
MITRE ATT&CK Matrix ATT&CK v6
Downloads
memory/1972-54-0x000007FEFC2C1000-0x000007FEFC2C3000-memory.dmp
Filesize: 8KB