Overview

Tasks (score)
Static: 10
Adobe_Phot...on.zip on windows7-x64: 10
Adobe_Phot...on.zip on windows10-2004-x64: 1
Adobe_Phot...on.exe on windows7-x64: 10
Adobe_Phot...on.exe on windows10-2004-x64: 10
FILE_ID.diz on windows7-x64: 3
FILE_ID.diz on windows10-2004-x64: 3
Password.HERE.jpg on windows7-x64: 3
Password.HERE.jpg on windows10-2004-x64: 3

Analysis
max time kernel: 42s
max time network: 45s
platform: windows7_x64
resource: win7-20220812-en
resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
submitted: 30-09-2022 20:03
Static task static1

Behavioral task behavioral1
Sample: Adobe_Photoshop_CC_Serial_keygen_by_KeyGenLion.zip
Resource: win7-20220901-en

Behavioral task behavioral2
Sample: Adobe_Photoshop_CC_Serial_keygen_by_KeyGenLion.zip
Resource: win10v2004-20220812-en

Behavioral task behavioral3
Sample: Adobe_Photoshop_CC_Serial_keygen_by_KeyGenLion.exe
Resource: win7-20220812-en

Behavioral task behavioral4
Sample: Adobe_Photoshop_CC_Serial_keygen_by_KeyGenLion.exe
Resource: win10v2004-20220812-en

Behavioral task behavioral5
Sample: FILE_ID.diz
Resource: win7-20220901-en

Behavioral task behavioral6
Sample: FILE_ID.diz
Resource: win10v2004-20220812-en

Behavioral task behavioral7
Sample: Password.HERE.jpg
Resource: win7-20220812-en

Behavioral task behavioral8
Sample: Password.HERE.jpg
Resource: win10v2004-20220812-en
General
Target: Password.HERE.jpg
Size: 2KB
MD5: b364a2257ab7db077315e62596501546
SHA1: 71f6b6379f9e160eb67dbc6940d73b33d3f69b93
SHA256: 8884f7ba74500a91e09c20f279f2f97480efa450df10712ea3f46ec2c21836af
SHA512: a7a27e46144784be164df45e37de36cbe28f8fd251c18c9c81c458c4a6450926690a0311933ac291bb8bf3d16acbe29ef215a2f49b637422a7bd318046668ced
Malware Config
Signatures
Enumerates physical storage devices (1 TTP)
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
Suspicious use of FindShellTrayWindow (1 IoC)
Processes: rundll32.exe (pid 1884)
Processes
Network
MITRE ATT&CK Matrix ATT&CK v6
Downloads
memory/1884-54-0x000007FEFB5C1000-0x000007FEFB5C3000-memory.dmp (Filesize: 8KB)