Overview (score: 10)

Tasks by sample and platform (sample / platform / score):
Static                   -                      -
D6.zip                   windows10-1703-x64     1
D6.zip                   windows10-2004-x64     1
SS2998.zip               windows10-1703-x64     1
SS2998.zip               windows10-2004-x64     1
SS2998.iso               windows10-1703-x64     3
SS2998.iso               windows10-2004-x64     3
SS.lnk                   windows10-1703-x64     3
SS.lnk                   windows10-2004-x64     3
pressuriza...id.txt      windows10-1703-x64     1
pressuriza...id.txt      windows10-2004-x64     1
pressuriza...ng.bat      windows10-1703-x64     1
pressuriza...ng.bat      windows10-2004-x64     1
pressuriza...er.cmd      windows10-1703-x64     1
pressuriza...er.cmd      windows10-2004-x64     1
pressuriza...al.dll      windows10-1703-x64     10
pressuriza...al.dll      windows10-2004-x64     10
pressuriza...gs.png      windows10-1703-x64     3
pressuriza...gs.png      windows10-2004-x64     3

Resubmissions (submitted / task id / score):
04-11-2022 15:53   221104-tby5ksgeg4   10
04-11-2022 15:29   221104-swwphsgdc4   3
04-11-2022 14:47   221104-r52rfsgbc2   10

Analysis
- max time kernel: 134s
- max time network: 147s
- platform: windows10-2004_x64
- resource: win10v2004-20220812-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 04-11-2022 14:47
Tasks (task / type / sample / resource):
static1        Static task       -                                -
behavioral1    Behavioral task   D6.zip                           win10-20220812-en
behavioral2    Behavioral task   D6.zip                           win10v2004-20220812-en
behavioral3    Behavioral task   SS2998.zip                       win10-20220901-en
behavioral4    Behavioral task   SS2998.zip                       win10v2004-20220812-en
behavioral5    Behavioral task   SS2998.iso                       win10-20220812-en
behavioral6    Behavioral task   SS2998.iso                       win10v2004-20220812-en
behavioral7    Behavioral task   SS.lnk                           win10-20220901-en
behavioral8    Behavioral task   SS.lnk                           win10v2004-20220812-en
behavioral9    Behavioral task   pressurization/barmaid.txt       win10-20220812-en
behavioral10   Behavioral task   pressurization/barmaid.txt       win10v2004-20220812-en
behavioral11   Behavioral task   pressurization/dissecting.bat    win10-20220901-en
behavioral12   Behavioral task   pressurization/dissecting.bat    win10v2004-20220812-en
behavioral13   Behavioral task   pressurization/exasperater.cmd   win10-20220812-en
behavioral14   Behavioral task   pressurization/exasperater.cmd   win10v2004-20220901-en
behavioral15   Behavioral task   pressurization/lineal.dll        win10-20220812-en
behavioral16   Behavioral task   pressurization/lineal.dll        win10v2004-20220812-en
behavioral17   Behavioral task   pressurization/nosebags.png      win10-20220812-en
behavioral18   Behavioral task   pressurization/nosebags.png      win10v2004-20220812-en
General
- Target: SS2998.iso
- Size: 880KB
- MD5: 97e99f43a299e885584157567a52a24f
- SHA1: 6b3a205f9428d8e0b1894e2098d094d7eba0ceea
- SHA256: 36b2c48010dcfe4d6fdb44dc88e6dd9464e01ffb93cb1f588a54b26b88bd45dc
- SHA512: 0b63f32c5dbed801876bc5ef5e17ca3ca50426879d88bd5a14e763014a8894584fff09195173477d82b01ba3e7d118529d687802a2845849133fd1b26084d17b
- SSDEEP: 24576:00OHDiTF6jT5GKg3J8M2Yum7p8NCuPvU6PX:00OHeUWx2I7sCuPHP
Malware Config

Signatures
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
- Modifies registry class (1 IoCs)
  description / ioc / Process:
  Key created   \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\Local Settings   cmd.exe
- Suspicious use of AdjustPrivilegeToken (2 IoCs)
  description / pid / Process:
  Token: SeManageVolumePrivilege   4892   cmd.exe
  Token: SeManageVolumePrivilege   4892   cmd.exe