Overview
overview
10Static
static
Contract.lnk
windows7-x64
3Contract.lnk
windows10-2004-x64
3unbelt/fifty.dll
windows7-x64
10unbelt/fifty.dll
windows10-2004-x64
10unbelt/pre...ing.js
windows7-x64
3unbelt/pre...ing.js
windows10-2004-x64
1unbelt/tic...ly.cmd
windows7-x64
1unbelt/tic...ly.cmd
windows10-2004-x64
1Analysis
-
max time kernel
43s -
max time network
46s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system -
submitted
26-09-2022 12:00
Static task
static1
Behavioral task
behavioral1
Sample
Contract.lnk
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
Contract.lnk
Resource
win10v2004-20220812-en
Behavioral task
behavioral3
Sample
unbelt/fifty.dll
Resource
win7-20220812-en
Behavioral task
behavioral4
Sample
unbelt/fifty.dll
Resource
win10v2004-20220901-en
Behavioral task
behavioral5
Sample
unbelt/pressurizingFollowing.js
Resource
win7-20220812-en
Behavioral task
behavioral6
Sample
unbelt/pressurizingFollowing.js
Resource
win10v2004-20220812-en
Behavioral task
behavioral7
Sample
unbelt/ticklingClinically.cmd
Resource
win7-20220901-en
Behavioral task
behavioral8
Sample
unbelt/ticklingClinically.cmd
Resource
win10v2004-20220812-en
General
-
Target
unbelt/pressurizingFollowing.js
-
Size
178B
-
MD5
0788ccab7dbd4bc1255203bcb92b5294
-
SHA1
47f0435e24c52ac8977be616970fe5b34491e7cf
-
SHA256
94259efd6a495de885df659739dc28267997983db1bb851b01178f0b2db4e254
-
SHA512
31bb50b028d72c47dae0dc9e91c1a05eb72d20e0b3346901c352555298b3df6180d2484c34b80294121055d633733d4e58bae774b1d32463cb54eb99cab1365a
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
Processes
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1756-54-0x000007FEFC521000-0x000007FEFC523000-memory.dmpFilesize
8KB