Analysis

  • max time kernel
    301s
  • max time network
    282s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    18-11-2022 21:51

General

  • Target

    swore/pestle.txt

  • Size

    277KB

  • MD5

    df1d4260ab003551c55772ec4318c294

  • SHA1

    9e8a3c90933d4fd5e1d6f64e06d3a60a78ac42a0

  • SHA256

    1d13b655d1c8c275c1943badcaef5c56e2c47865d27dcaf9d6230809c05af2ff

  • SHA512

    6716f24008d08079809e10efaa971659d83902846c5184d0c2973238e2677bbc9436b25aae276ce118ec773fd02acc812750926d97f65d1c624a71c32781fa04

  • SSDEEP

    6144:q0lDUUTGpsmLlDF/lDdosW2HOuNb0iFXplD1b++BbXm/W6HB0lDE4KXplDVblD94:4Hp5uTBp2

Score
1/10

Malware Config

Signatures

  • Opens file in notepad (likely ransom note) 1 IoCs

Processes

  • C:\Windows\system32\NOTEPAD.EXE
    C:\Windows\system32\NOTEPAD.EXE C:\Users\Admin\AppData\Local\Temp\swore\pestle.txt
    • Opens file in notepad (likely ransom note)
    PID:1968

Network

MITRE ATT&CK Matrix
