Analysis
-
max time kernel
24s -
max time network
24s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
-
submitted
02/11/2022, 12:01
Errors
Reason
Machine shutdown
General
-
Target
docker-compose.yml
-
Size
455B
-
MD5
8e32359a939ad1bb8b7d7b0088fba743
-
SHA1
d75373888acb9ebd7324b4fdb3450ab7bdd56cd3
-
SHA256
7565d3c3c93a3abbd7a5632ae363c8431bf2383c8b69011fe8e7732adcc8eaa5
-
SHA512
0f44407478551431e442a8c9015871f9aaaba28beec4317780e73508177863da23a17ba218eeb9b4fd4c3df2b58eef78138f6102bcf44ef0ac3875c8fc903bf4
Score
3/10
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Modifies registry class 2 IoCs
-
Suspicious use of AdjustPrivilegeToken 4 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\docker-compose.yml1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\docker-compose.yml2⤵
- Modifies registry class
-
-
C:\Windows\system32\LogonUI.exe"LogonUI.exe" /flags:0x01⤵
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x56c1⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\LogonUI.exe"LogonUI.exe" /flags:0x11⤵
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
8KB