Overview

overview

3

Static

static

CodeS.class

windows7-x64

3

CodeS.class

windows10-2004-x64

3

Init.class

windows7-x64

3

Init.class

windows10-2004-x64

3

Leak.class

windows7-x64

3

Leak.class

windows10-2004-x64

3

MyBuff.class

windows7-x64

3

MyBuff.class

windows10-2004-x64

3

MyBufferedImage.class

windows7-x64

3

MyBufferedImage.class

windows10-2004-x64

3

MyColorSpace.class

windows7-x64

3

MyColorSpace.class

windows10-2004-x64

3

W1.class

windows7-x64

3

W1.class

windows10-2004-x64

3

W2.class

windows7-x64

3

W2.class

windows10-2004-x64

3

W3.class

windows7-x64

3

W3.class

windows10-2004-x64

3

W4.class

windows7-x64

3

W4.class

windows10-2004-x64

3

W5.class

windows7-x64

3

W5.class

windows10-2004-x64

3

W6.class

windows7-x64

3

W6.class

windows10-2004-x64

3

Zamanet.class

windows7-x64

3

Zamanet.class

windows10-2004-x64

3

Analysis

  • max time kernel
    132s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01/10/2022, 23:22 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    MyBuff.class

  • Size

    765B

  • MD5

    7f33ddd1912429434bdb0619d6ff8b54

  • SHA1

    3289827a712a404d9148ce5fca16f999c6425025

  • SHA256

    48b94246fd9413e59ef420234732eb84b7d966ef4a17c8a67467a56996ce682d

  • SHA512

    034cbe8977a694659eb95beec9e1e9cf0f71b3633b3c67e36ff8361f2e5a752a0f0880c6fc58d7c343b9f27ed8e36cff2ebd4035916c8cdbcba549f14e3f79ac

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies registry class 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\MyBuff.class
    1⤵
    • Modifies registry class
    PID:2040
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4088

Network

    No results found
  • 8.238.110.126:80
    46 B
     40 B
     1
    1
  • 8.238.110.126:80
    46 B
     40 B
     1
    1
  • 178.79.208.1:80
    322 B
     7
  • 8.238.10.126:80
    46 B
     40 B
     1
    1
No results found

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.