Analysis
max time kernel: 91s
max time network: 153s
platform: windows10-2004_x64
resource: win10v2004-20220901-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220901-en, locale:en-us, os:windows10-2004-x64, system
submitted: 24-10-2022 15:12
Static task
static1

Behavioral task
behavioral1
Sample: DHL_924820.iso
Resource: win7-20220812-en

Behavioral task
behavioral2
Sample: DHL_924820.iso
Resource: win10v2004-20220901-en

Behavioral task
behavioral3
Sample: JWBHBWZC.exe
Resource: win7-20220812-en

Behavioral task
behavioral4
Sample: JWBHBWZC.exe
Resource: win10v2004-20220812-en
General
Target: DHL_924820.iso
Size: 1.2MB
MD5: cfda7c0d5667f6a214cf4996e5efde92
SHA1: 7a6ed5160addc9e203696ccdaa5efc112710133a
SHA256: bf260ff15e0a10357980937576f516a75d209be93fdfe6852dc0f8cb5be34024
SHA512: 792c436d175b0eb3fec94f9d09503737ed66001b99d2a30065852a135e5aeb3e0faa36444a494148e7ad4c81d952f55ede4facdf843c01f8ad55b004df23d6de
SSDEEP: 12288:3FwXm1eLcZbP9mpAmFXZ5e0mvXTeYZITtsUXHvxwUxLfHazzJr0:3FGQeabFmKmFzhmvJWuMPB
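The report hashes the submitted image and runs a second sample, JWBHBWZC.exe, under the same submission. Before handing an ISO lure to a sandbox (or a user), an analyst usually wants to see what it carries without mounting it, since mounting is what exposes the payload. The following is an added example, not part of this report and not the sandbox's own code: a minimal ISO 9660 root-directory lister in Python that reads the primary volume descriptor at sector 16, walks the root directory records, and reports each entry's name, extent, size, directory/hidden flags and SHA-256. The image it parses is constructed in memory by `build_sample_iso`; the embedded file name (borrowed from the report's second sample only for illustration), its hidden flag and the payload bytes are assumptions, not the real contents of DHL_924820.iso.

```python
"""Minimal ISO 9660 root-directory lister for triaging lure images offline.

Constructed example, not part of the sandbox report: it builds a tiny image in
memory (names, flags and payload bytes are assumptions) and then parses it the
same way it would parse a real file read with open(path, "rb").read().
"""
import hashlib
import struct

SECTOR = 2048  # ISO 9660 logical block size


def _dir_record(lba, size, flags, ident):
    """Encode one ISO 9660 directory record (both-endian fields per ECMA-119)."""
    rec = bytearray(b"\x00\x00")                               # record length (patched below), ext-attr length
    rec += struct.pack("<I", lba) + struct.pack(">I", lba)     # extent location
    rec += struct.pack("<I", size) + struct.pack(">I", size)   # data length
    rec += bytes(7)                                            # recording date/time (unused here)
    rec += bytes([flags])                                      # bit 0 = hidden, bit 1 = directory
    rec += b"\x00\x00"                                         # file unit size, interleave gap
    rec += struct.pack("<H", 1) + struct.pack(">H", 1)         # volume sequence number
    rec += bytes([len(ident)]) + ident                         # identifier length + identifier
    if len(ident) % 2 == 0:
        rec += b"\x00"                                         # pad so the record length is even
    rec[0] = len(rec)
    return bytes(rec)


def build_sample_iso(payload, payload_name=b"JWBHBWZC.EXE;1", hidden=True):
    """Constructed single-file image: PVD at sector 16, terminator at 17,
    root directory at 18, file data from sector 19 (all assumptions)."""
    root_lba, file_lba = 18, 19
    root_self = _dir_record(root_lba, SECTOR, 0x02, b"\x00")      # "." entry
    root = bytearray(root_self)
    root += _dir_record(root_lba, SECTOR, 0x02, b"\x01")           # ".." entry
    root += _dir_record(file_lba, len(payload), 0x01 if hidden else 0x00, payload_name)
    root += bytes(SECTOR - len(root))                              # zero padding to end of sector

    pvd = bytearray(SECTOR)
    pvd[0] = 1                                                     # type 1 = primary volume descriptor
    pvd[1:6] = b"CD001"
    pvd[6] = 1
    pvd[156:156 + len(root_self)] = root_self                      # root directory record at offset 156
    term = bytearray(SECTOR)
    term[0] = 255                                                  # volume descriptor set terminator
    term[1:6] = b"CD001"
    term[6] = 1

    data = payload + bytes(-len(payload) % SECTOR)
    return bytes(16 * SECTOR) + bytes(pvd) + bytes(term) + bytes(root) + data


def _parse_record(buf, off):
    """Decode the directory record at buf[off]; None on a zero-length (padding) byte."""
    rec_len = buf[off]
    if rec_len == 0:
        return None
    lba = struct.unpack_from("<I", buf, off + 2)[0]
    size = struct.unpack_from("<I", buf, off + 10)[0]
    flags = buf[off + 25]
    id_len = buf[off + 32]
    ident = bytes(buf[off + 33:off + 33 + id_len])
    return rec_len, lba, size, flags, ident


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def list_iso_root(image):
    """Return the root-directory entries of an ISO 9660 image as dicts
    (name, lba, size, dir, hidden, sha256) without mounting it."""
    pvd = image[16 * SECTOR:17 * SECTOR]
    if len(pvd) < SECTOR or pvd[0] != 1 or pvd[1:6] != b"CD001":
        raise ValueError("no ISO 9660 primary volume descriptor at sector 16")
    _, root_lba, root_size, _, _ = _parse_record(pvd, 156)
    dirdata = image[root_lba * SECTOR:root_lba * SECTOR + root_size]
    entries, off = [], 0
    while off < len(dirdata):
        rec = _parse_record(dirdata, off)
        if rec is None:
            # Records never straddle a sector; a zero byte means the rest is padding.
            off = (off // SECTOR + 1) * SECTOR
            continue
        rec_len, lba, size, flags, ident = rec
        off += rec_len
        if ident in (b"\x00", b"\x01"):                           # "." and ".." entries
            continue
        is_dir = bool(flags & 0x02)
        body = image[lba * SECTOR:lba * SECTOR + size]
        entries.append({
            "name": ident.decode("ascii", "replace").split(";")[0],  # drop the ";1" version suffix
            "lba": lba,
            "size": size,
            "dir": is_dir,
            "hidden": bool(flags & 0x01),
            "sha256": None if is_dir else sha256_hex(body),
        })
    return entries


if __name__ == "__main__":
    image = build_sample_iso(b"MZ" + b"\x90" * 100)   # constructed stand-in payload, not the real sample
    for entry in list_iso_root(image):
        print(entry)
```

Against a real file, call `list_iso_root(open(path, "rb").read())`; the per-entry SHA-256 is what you compare with the hashes a sandbox reports for an extracted sample. The hidden flag (bit 0 of the file flags) is worth surfacing explicitly, since its purpose in the format is to keep an entry out of normal directory listings. Subdirectories are reported but not descended into; recursing is a matter of calling the same record walk on each entry whose `dir` flag is set.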
Malware Config
Signatures

Enumerates physical storage devices (1 TTP)
Attempts to interact with connected storage/optical drive(s). The sandbox labels this as likely ransomware behaviour; that is a generic heuristic, and for an ISO sample, storage/optical-drive interaction is also consistent with the image being mounted as a virtual drive.

Modifies registry class (1 IoC)
Processes:
description | ioc | process
Key created | \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings | cmd.exe

Suspicious use of AdjustPrivilegeToken (2 IoCs)
Processes:
description | pid | process
Token: SeManageVolumePrivilege | 1852 | cmd.exe
Token: SeManageVolumePrivilege | 1852 | cmd.exe
Both entries come from the same process (pid 1852), so this is one cmd.exe instance adjusting its token twice. SeManageVolumePrivilege is the volume-maintenance right that allows a process to open volume handles directly, which is why a sandbox flags it.