Overview
- overview: 7
- Static (static)
- FinanceEYEfeeder.zip, windows7-x64: 1
- FinanceEYEfeeder.zip, windows10-2004-x64: 1
- LICENSE, windows7-x64: 1
- LICENSE, windows10-2004-x64: 1
- README.md, windows7-x64: 3
- README.md, windows10-2004-x64: 3
- ThankYou.html, windows7-x64: 1
- ThankYou.html, windows10-2004-x64: 1
- assets/icon.png, windows7-x64: 3
- assets/icon.png, windows10-2004-x64: 3
- background.html, windows7-x64: 1
- background.html, windows10-2004-x64: 1
- background.js, windows7-x64: 1
- background.js, windows10-2004-x64: 1
- content.js, windows7-x64: 1
- content.js, windows10-2004-x64: 1
- manifest.json, windows7-x64: 3
- manifest.json, windows10-2004-x64: 3
- style.css, windows7-x64: 3
- style.css, windows10-2004-x64: 7
Analysis
- max time kernel: 36s
- max time network: 42s
- platform: windows7_x64
- resource: win7-20220812-en
- resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
- submitted: 20-10-2022 21:30
Static task: static1
Behavioral tasks (task: sample, resource)
- behavioral1: FinanceEYEfeeder.zip, win7-20220901-en
- behavioral2: FinanceEYEfeeder.zip, win10v2004-20220901-en
- behavioral3: LICENSE, win7-20220812-en
- behavioral4: LICENSE, win10v2004-20220812-en
- behavioral5: README.md, win7-20220901-en
- behavioral6: README.md, win10v2004-20220812-en
- behavioral7: ThankYou.html, win7-20220901-en
- behavioral8: ThankYou.html, win10v2004-20220812-en
- behavioral9: assets/icon.png, win7-20220812-en
- behavioral10: assets/icon.png, win10v2004-20220812-en
- behavioral11: background.html, win7-20220812-en
- behavioral12: background.html, win10v2004-20220901-en
- behavioral13: background.js, win7-20220812-en
- behavioral14: background.js, win10v2004-20220812-en
- behavioral15: content.js, win7-20220901-en
- behavioral16: content.js, win10v2004-20220812-en
- behavioral17: manifest.json, win7-20220812-en
- behavioral18: manifest.json, win10v2004-20220812-en
- behavioral19: style.css, win7-20220812-en
- behavioral20: style.css, win10v2004-20220901-en
General
- Target: style.css
- Size: 753B
- MD5: 1fa01153ea3c25a9e67fc0998df2d61c
- SHA1: 2a30cf61c05319b5fba457f67d29dc9409771a06
- SHA256: bfaef90ad6283350e3a8e426c45342ce6ee330d39a98874f845c280a8e398eb2
- SHA512: 6754fc8c344f8317b24f0337920decd143dcaaedb3754b4f2248f862f31e835b71ede2088bf30ae3b634e0c827f82daf3a869acde560a7291f9fd5b90d0f105c
Malware Config
Signatures
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
- Opens file in notepad (likely ransom note) (1 IoCs)
  Processes: NOTEPAD.EXE
  pid | process
  1352 | NOTEPAD.EXE
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes: cmd.exe
  description | pid | process | target process
  PID 1708 wrote to memory of 1352 | 1708 | cmd.exe | NOTEPAD.EXE
  PID 1708 wrote to memory of 1352 | 1708 | cmd.exe | NOTEPAD.EXE
  PID 1708 wrote to memory of 1352 | 1708 | cmd.exe | NOTEPAD.EXE
Processes
- C:\Windows\system32\cmd.exe
  cmd /c C:\Users\Admin\AppData\Local\Temp\style.css
  - Suspicious use of WriteProcessMemory
  PID: 1708
  - C:\Windows\system32\NOTEPAD.EXE
    "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\style.css
    - Opens file in notepad (likely ransom note)
    PID: 1352