Analysis
max time kernel: 96s
max time network: 167s
platform: windows10-2004_x64
resource: win10v2004-20220812-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
submitted: 04-10-2022 15:23
Static task: static1
Behavioral task: behavioral1
Sample: scan-8b2bda1b-2536-411b-a1b3-f54ce7e73124.iso
Resource: win7-20220901-en
Behavioral task: behavioral2
Sample: scan-8b2bda1b-2536-411b-a1b3-f54ce7e73124.iso
Resource: win10v2004-20220812-en
Behavioral task: behavioral3
Sample: 3270265e-2684-4dd5-a085-ade5cf0a4a35.dll
Resource: win7-20220901-en
Behavioral task: behavioral4
Sample: 3270265e-2684-4dd5-a085-ade5cf0a4a35.dll
Resource: win10v2004-20220901-en
Behavioral task: behavioral5
Sample: scan-8b2bda1b-2536-411b-a1b3-f54ce7e73124.lnk
Resource: win7-20220812-en
Behavioral task: behavioral6
Sample: scan-8b2bda1b-2536-411b-a1b3-f54ce7e73124.lnk
Resource: win10v2004-20220812-en
General
Target: scan-8b2bda1b-2536-411b-a1b3-f54ce7e73124.iso
Size: 1.8MB
MD5: 1379fddaf175543aaa03d14d9b487ba1
SHA1: 59b3b8f97b64149064f24563c51c155c258ca9c2
SHA256: d2178b009e4e39ee1a2afbc6b9ffbc7a2e77f47dbbb6618ae5f25ffacd277834
SHA512: a88d0fb1a43b6eb3861c6f319f58a56394a57b572bd95fd03c0d21183f0c52062a8907c71d7407afabe14fabf738ce3fa8c8ff5a68be9533a3b6476a55d6fb8a
SSDEEP: 24576:TB3lPrWuXS/SxockV62gDJmw0WrNpEMiHMFEWQWDyuKcpk:dlPrDvxoT6Fmw0WJGM8QQAyT
Malware Config
Signatures
Enumerates physical storage devices (1 TTPs)
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
Modifies registry class (1 IoCs)
Processes: cmd.exe
Description: Key created
IoC: \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings
Process: cmd.exe