Analysis

  • max time kernel
    69s
  • max time network
    73s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220901-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20220901-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    02/10/2022, 19:09 UTC

General

  • Target

    imagestore.dat

  • Size

    5KB

  • MD5

    eede441a0755fe0d346c95fd4442e252

  • SHA1

    2c4d2276c74d7bfac2fb67e39d47e47d627e0c2e

  • SHA256

    d57522a9f2ac0ddf6c4817f7ca137ec6cff448b3c6f55b43d6e5ab4a8b770e5f

  • SHA512

    9df2a294ebc0b11dda3c9c2bd77a9845f6e4ca698a6146bdab45b7bb46fadc45d1e7ab1ce00a83afcb6df2e49929e439f7016ee2eda185701757e5609b17bb0e

  • SSDEEP

    48:xwDaO7IJct3xItwDaYxG/7nvWDtZcdYLtX7B6QXL3aqG8f:YvIJct+MP47v+rcqlBPG9i

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies registry class (2 IoCs)
  • Suspicious use of SetWindowsHookEx (1 IoC)

Processes

  • C:\Windows\system32\cmd.exe (PID 748)
    cmd /c C:\Users\Admin\AppData\Local\Temp\imagestore.dat
    • Modifies registry class
  • C:\Windows\system32\OpenWith.exe (PID 2012)
    C:\Windows\system32\OpenWith.exe -Embedding
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx

Network

    No results found
  • 52.109.8.45:443  40 B  1
  • 8.238.110.126:80  322 B  7
  • 13.89.179.10:443  322 B  7
  • 23.54.143.231:443  tls  92 B / 111 B  2 / 2
  • 23.54.143.231:443  tls  92 B / 111 B  2 / 2
  • 8.238.110.126:80  322 B  7
  • 8.238.110.126:80  322 B  7
  • 8.238.110.126:80  322 B  7
No results found

MITRE ATT&CK Enterprise v6
