Analysis
-
max time kernel
92s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20221111-en -
resource tags
-
submitted
17-11-2022 18:07
General
-
Target
ContractCopy_RL43.iso
-
Size
1.2MB
-
MD5
1f4ffad05c33f183a7c3d4b05d8b5490
-
SHA1
c1631878deeae7cfe14373a706802364148d4713
-
SHA256
48c524582f19877e5b0514516dc4d6501ed42f347dd819b2d0d217de545bd480
-
SHA512
b1be81e06bdbfe15b945e41a7c47eb14ef55e4209399da844f5e9086b8fab13e7cf8081849775d57614a1e1c2db4a9ab76e068dfc3bb8c744c0907a4a86f72c5
-
SSDEEP
24576:Gold7QUoTzXWdfwTTn3M9XqdX+Di317qne:7VU7Wdf6M9XmXSi317qne
Score
3/10
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Modifies registry class 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\ContractCopy_RL43.iso1⤵
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken