Analysis
-
max time kernel
145s -
max time network
149s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
-
submitted
18-11-2022 12:06
General
-
Target
New Text Document.txt
-
Size
1B
-
MD5
0cc175b9c0f1b6a831c399e269772661
-
SHA1
86f7e437faa5a7fce15d1ddcb9eaeaea377667b8
-
SHA256
ca978112ca1bbdcafac231b39a23dc4da786eff8147c4e72b9807785afee48bb
-
SHA512
1f40fc92da241694750979ee6cf582f2d5d7d28e18335de05abc54d0560e0f5302860c652bf08d560252aa5e74210546f369fbbbce8c12cfc7957b2652fe9a75
Score
7/10
Malware Config
Signatures
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Modifies registry class 1 IoCs
-
Suspicious use of WriteProcessMemory 6 IoCs
Processes
-
C:\Windows\system32\NOTEPAD.EXEC:\Windows\system32\NOTEPAD.EXE "C:\Users\Admin\AppData\Local\Temp\New Text Document.txt"1⤵
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe"1⤵
- Checks computer location settings
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Windows\system32\slmgr.vbs" /ipk w269n-wfgwx-yvc9b-4j6c9-t83gx2⤵
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Windows\system32\slmgr.vbs" /skms kms8.msguides.com2⤵
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Windows\system32\slmgr.vbs" /ato2⤵
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/2220-132-0x0000000000000000-mapping.dmp
-
memory/4284-134-0x0000000000000000-mapping.dmp
-
memory/4828-133-0x0000000000000000-mapping.dmp