Resubmissions
Submitted | Task ID | Score
28-09-2022 17:46 | 220928-wcfezahghq | 1
28-09-2022 17:45 | 220928-wbw2bsgga4 | 1
28-09-2022 17:41 | 220928-v9h2pagfh3 | 3
28-09-2022 17:38 | 220928-v7n5xshggr | 1
28-09-2022 17:33 | 220928-v4vtasgfg2 | 1
28-09-2022 17:30 | 220928-v3f9hshggk | 1
28-09-2022 17:23 | 220928-vyaaeahgfk | 10
28-09-2022 17:13 | 220928-vrh9qshgdq | 1
28-09-2022 17:10 | 220928-vpztpshgdn | 1
28-09-2022 17:08 | 220928-vnl68ahgdk | 3

Analysis
max time kernel: 91s
max time network: 140s
platform: windows10-2004_x64
resource: win10v2004-20220812-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
submitted: 28-09-2022 17:08
Static task: static1
Behavioral task: behavioral1
Sample: Invoice_09-12-22_order_157.iso
Resource: win7-20220901-en
Behavioral task: behavioral2
Sample: Invoice_09-12-22_order_157.iso
Resource: win10v2004-20220812-en
Only the windows10-2004_x64 run (behavioral2) is reported in the sections below; no results from the Windows 7 task appear on this page.
General
Target: Invoice_09-12-22_order_157.iso
Size: 4.2MB
MD5: b1938ffbd6dcc69183382302604e84e5
SHA1: 6d9984400b133cf92289d8ccd129f5d7133ce268
SHA256: b47bad8968dbe798ac7dc1a5648206c1819160ecd68449d9dd82ba19a0296288
SHA512: 736e695281ed259e616d0862c64ebff16cd845767e5998162f0e7e0fe0161a0be037d17be5beb8ccade317008004880b834dab851cff04897bfa434995d33a3c
SSDEEP: 49152:PA4O7LDVaMxLT7IHXcnfwYcoAVGnUmEd70dl4ievKgTN:PAZD3SYUmE2dl4jK
Malware Config
Signatures

Enumerates physical storage devices (1 TTP)
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
Caveat: this is a generic heuristic. The sample here is an ISO image launched with cmd /c, so the storage-device interaction (and the SeManageVolumePrivilege adjustments below) is consistent with the shell mounting the image as a virtual drive rather than with encryption activity. On its own it is weak evidence of ransomware.

Modifies registry class (1 IoC)
description | ioc | process
Key created | \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\Local Settings | cmd.exe

Suspicious use of AdjustPrivilegeToken (2 IoCs)
description | pid | process
Token: SeManageVolumePrivilege | 3364 | cmd.exe
Token: SeManageVolumePrivilege | 3364 | cmd.exe
Processes

cmd.exe (PID 3364, depth 1)
C:\Windows\system32\cmd.exe cmd /c C:\Users\Admin\AppData\Local\Temp\Invoice_09-12-22_order_157.iso
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken

rundll32.exe (PID 3640, depth 1)
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

The tree ends at the mount. The second process is shell32's COM local-server host, started with the standard -Embedding flag as part of the shell handling the file-open, and no process was launched from inside the image. This run therefore records no payload behaviour; the contents of the ISO (typically a shortcut plus a hidden DLL or script in lures of this kind) have to be examined separately.
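Because the run above only shows the shell mounting the image, the lure's actual contents are still unknown from this report. They can be read straight from the ISO 9660 directory records without mounting the file, which also avoids ever executing what is inside. The script below is an added example, not part of this report or of any tool it references: a stdlib-only Python reader that parses the primary volume descriptor and walks the directory records, keeping the ISO 9660 "existence" (hidden) flag and stripping the ";1" version suffix, then flags the entries a responder should open first. It builds a small image inside the script to run against; the file names and bytes in that image are constructed placeholders, not the contents of Invoice_09-12-22_order_157.iso, which the report does not list. The function and variable names are the example's own.

```python
import struct
from typing import Dict, FrozenSet, List, Tuple
SECTOR, PVD_SECTOR = 2048, 16   # logical block size; the primary volume descriptor sits at sector 16

def _be32(v: int) -> bytes:     # ISO 9660 'both-endian' field: little-endian copy, then big-endian copy
    return struct.pack("<I", v) + struct.pack(">I", v)
def _be16(v: int) -> bytes:
    return struct.pack("<H", v) + struct.pack(">H", v)

def _dir_record(name: bytes, extent: int, size: int, is_dir: bool, hidden: bool = False) -> bytes:
    """One directory record (ECMA-119 9.1): length, extent, size, flags, name."""
    flags = (0x02 if is_dir else 0) | (0x01 if hidden else 0)
    body = (b"\x00" + _be32(extent) + _be32(size)   # ext. attr. length, extent, data length
            + bytes(7)                              # recording date/time (zeroed; constructed data)
            + bytes([flags, 0, 0]) + _be16(1)       # flags, unit size, gap size, volume seq. no.
            + bytes([len(name)]) + name)
    if len(name) % 2 == 0:
        body += b"\x00"                             # pad so the record length stays even
    return bytes([len(body) + 1]) + body

def build_test_iso(files: Dict[str, bytes], hidden: FrozenSet[str] = frozenset()) -> bytes:
    """Constructed single-directory image: PVD at sector 16, terminator at 17, root dir at 18, data from 19."""
    root_extent, next_extent = 18, 19
    records = [_dir_record(b"\x00", root_extent, SECTOR, True),   # "."
               _dir_record(b"\x01", root_extent, SECTOR, True)]   # ".."
    extents: List[Tuple[int, bytes]] = []
    for name, data in files.items():
        records.append(_dir_record(name.encode("ascii"), next_extent, len(data), False, name in hidden))
        extents.append((next_extent, data))
        next_extent += max(1, -(-len(data) // SECTOR))            # ceil(len(data) / SECTOR)
    pvd = bytearray(SECTOR)
    pvd[0], pvd[1:6], pvd[6] = 1, b"CD001", 1                      # type 1, standard identifier, version
    pvd[40:72] = b"INVOICE".ljust(32)                              # volume identifier
    pvd[80:88] = _be32(next_extent)                                # volume space size in blocks
    pvd[120:124], pvd[124:128] = _be16(1), _be16(1)                # volume set size, volume sequence number
    pvd[128:132] = _be16(SECTOR)                                   # logical block size
    pvd[156:190] = _dir_record(b"\x00", root_extent, SECTOR, True) # root directory record
    term = bytearray(SECTOR)
    term[0], term[1:6], term[6] = 255, b"CD001", 1                 # volume descriptor set terminator
    image = bytearray(SECTOR * next_extent)
    image[PVD_SECTOR * SECTOR:(PVD_SECTOR + 1) * SECTOR] = pvd
    image[17 * SECTOR:18 * SECTOR] = term
    image[root_extent * SECTOR:(root_extent + 1) * SECTOR] = b"".join(records).ljust(SECTOR, b"\x00")
    for extent, data in extents:
        image[extent * SECTOR:extent * SECTOR + len(data)] = data
    return bytes(image)

def _walk(image: bytes, extent: int, size: int, prefix: str, out: List[dict]) -> None:
    pos, end = extent * SECTOR, extent * SECTOR + size
    while pos < end:
        rec_len = image[pos]
        if rec_len == 0:                            # records never span sectors: skip the padding
            pos = (pos // SECTOR + 1) * SECTOR
            continue
        rec, pos = image[pos:pos + rec_len], pos + rec_len
        name = rec[33:33 + rec[32]]
        if name in (b"\x00", b"\x01"):              # "." and ".."
            continue
        entry = {"path": prefix + name.decode("ascii", "replace").split(";", 1)[0],   # drop the ";1" version
                 "extent": struct.unpack_from("<I", rec, 2)[0], "size": struct.unpack_from("<I", rec, 10)[0],
                 "dir": bool(rec[25] & 0x02), "hidden": bool(rec[25] & 0x01)}  # 'existence' bit = hidden
        out.append(entry)
        if entry["dir"]:
            _walk(image, entry["extent"], entry["size"], entry["path"] + "/", out)

def list_iso(image: bytes) -> List[dict]:
    """Every file and directory in the image, read from the directory records; no mount needed."""
    pvd = image[PVD_SECTOR * SECTOR:(PVD_SECTOR + 1) * SECTOR]
    if pvd[0] != 1 or pvd[1:6] != b"CD001":
        raise ValueError("no ISO 9660 primary volume descriptor at sector 16")
    if struct.unpack_from("<H", pvd, 128)[0] != SECTOR:
        raise ValueError("unsupported logical block size")
    entries: List[dict] = []
    _walk(image, struct.unpack_from("<I", pvd, 158)[0], struct.unpack_from("<I", pvd, 166)[0], "/", entries)
    return entries

SUSPICIOUS = {".lnk", ".dll", ".exe", ".js", ".vbs", ".bat", ".cmd", ".hta", ".wsf", ".scr"}

def triage(entries: List[dict]) -> List[Tuple[str, List[str]]]:
    """Flag what a responder should open first: payload-type extensions and hidden files."""
    findings = []
    for e in entries:
        if e["dir"]:
            continue
        base = e["path"].rsplit("/", 1)[-1].lower()
        ext = "." + base.rsplit(".", 1)[-1] if "." in base else ""
        reasons = ((["executable/script type " + ext] if ext in SUSPICIOUS else [])
                   + (["hidden attribute set"] if e["hidden"] else []))
        if reasons:
            findings.append((e["path"], reasons))
    return findings

# Constructed stand-in for Invoice_09-12-22_order_157.iso; these are not the real sample's contents.
SAMPLE_ISO = build_test_iso({"INVOICE.LNK;1": b"L" + bytes(75),          # placeholder, not a real shortcut
                             "README.TXT;1": b"See attached invoice.\r\n",
                             "HELPER.DLL;1": b"MZ" + bytes(62)},         # placeholder, not a real PE
                            hidden=frozenset({"HELPER.DLL;1"}))

if __name__ == "__main__":
    for path, reasons in triage(list_iso(SAMPLE_ISO)):
        print("FLAG", path, "-", "; ".join(reasons))
```

Run against a real image with `list_iso(open(path, "rb").read())`. The reader only consults the ISO 9660 primary volume descriptor, so a Joliet supplementary descriptor's long Unicode names are not used (the 8.3-style primary names are still correct) and a pure UDF image is rejected with a ValueError rather than misparsed; for those, fall back to a UDF-aware tool. A hidden payload is flagged from the directory record's existence bit, which is exactly the bit Explorer honours when it hides a file in a mounted lure.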