Overview
overview
10Static
static
Invoi_PDF.lnk
windows7-x64
3Invoi_PDF.lnk
windows10-2004-x64
3ricocheted...ted.js
windows7-x64
3ricocheted...ted.js
windows10-2004-x64
1ricocheted...rs.cmd
windows7-x64
1ricocheted...rs.cmd
windows10-2004-x64
1ricocheted...ys.dll
windows7-x64
10ricocheted...ys.dll
windows10-2004-x64
10Analysis
-
max time kernel
46s -
max time network
49s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system -
submitted
26-09-2022 15:08
Static task
static1
Behavioral task
behavioral1
Sample
Invoi_PDF.lnk
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
Invoi_PDF.lnk
Resource
win10v2004-20220812-en
Behavioral task
behavioral3
Sample
ricocheted/detonatorUncaptivated.js
Resource
win7-20220812-en
Behavioral task
behavioral4
Sample
ricocheted/detonatorUncaptivated.js
Resource
win10v2004-20220812-en
Behavioral task
behavioral5
Sample
ricocheted/pregnantTitillators.cmd
Resource
win7-20220901-en
Behavioral task
behavioral6
Sample
ricocheted/pregnantTitillators.cmd
Resource
win10v2004-20220812-en
Behavioral task
behavioral7
Sample
ricocheted/trolleys.dll
Resource
win7-20220812-en
Behavioral task
behavioral8
Sample
ricocheted/trolleys.dll
Resource
win10v2004-20220812-en
General
-
Target
ricocheted/detonatorUncaptivated.js
-
Size
257B
-
MD5
0e21f3235ba12be75a0d9647157b02f0
-
SHA1
7204c0dba1683c52fe7894a55a3aa2b48d539dd6
-
SHA256
6df27729f7696ecc1e9c94dc0ba88facdcd624a70b76ab1094662fdf8c074eef
-
SHA512
8000b9d8dfb03250e55aa4da2ad3a01e9a520c2231aa3639d3f0f33abebf2544bd82fd507272ea9d72043a6b77b53e9107702936860439a296498560da74789b
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
Processes
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1680-54-0x000007FEFB741000-0x000007FEFB743000-memory.dmpFilesize
8KB