Analysis
-
max time kernel
91s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system -
submitted
21-09-2022 15:25
Behavioral task
behavioral1
Sample
New-Ulm-Guide-2018.pdf
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
New-Ulm-Guide-2018.pdf
Resource
win10v2004-20220812-en
Behavioral task
behavioral3
Sample
PERQ.joboptions
Resource
win7-20220812-en
Behavioral task
behavioral4
Sample
PERQ.joboptions
Resource
win10v2004-20220812-en
General
-
Target
PERQ.joboptions
-
Size
29KB
-
MD5
c93723777669f56c1220331a8e3ff1a9
-
SHA1
8006b171ab37d600de2dba842d00ae2677429fcc
-
SHA256
a6afe776f215f6cfc27d961b679392b5992081b0ce6eb8bc5a160100a419c863
-
SHA512
2633fe97d482bf0e12e527e1a20ecd372d9a9342401a777aa1d6c609d18f8749d7682033a75e1dddb47dfb41b44450e522ae72a1fb5f485a2de1505264c088b3
-
SSDEEP
384:OOVve32WylD+h+aNiUMEMkMxpMtFIjBPRDJ:O02mWylD+VixEM0IjBpV
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Modifies registry class 2 IoCs
Processes:
cmd.exeOpenWith.exedescription ioc process Key created \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\Local Settings cmd.exe Key created \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\Local Settings OpenWith.exe -
Suspicious use of SetWindowsHookEx 1 IoCs
Processes:
OpenWith.exepid process 4924 OpenWith.exe