3b82d74f50dc7ebf5236aa37ecd6d70229715a8b3ae79562100a7d3b7905919c

Resubmissions

18-11-2022 21:52

221118-1q7tlahh95 10

18-11-2022 20:51

221118-znmj7sca2s 3

Analysis

max time kernel
1227s
max time network
1229s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
18-11-2022 20:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

OB76.iso
Size

842KB
MD5

e44811e8afd7e0227dfa35ff28643752
SHA1

6378e72d856b153affaf3caf44a89f19b008f1a8
SHA256

5a0f6ebc772c3a8897ba35aafba430f1fd262320f290b42764988d2c9c5454f4
SHA512

14a50038fc9d8aed163b88861f5ecc346d0a1b7f25988d061f530b48c5143bd9131740a5468a5cf9caf831165f5cea294802b32d8ce2072cecfcd4541e494550
SSDEEP

24576:ENdpWbYGQajBp6Pi1YWaw46K8zWcCTiUQsC3:YUbzQaNpx1DaIK8Iq3

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082
Modifies registry class 1 IoCs

Processes:

cmd.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000_Classes\Local Settings cmd.exe
Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

cmd.exe

description pid process

Token: SeManageVolumePrivilege 3460 cmd.exe
Token: SeManageVolumePrivilege 3460 cmd.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000_Classes\Local Settings	cmd.exe

description	pid	process
Token: SeManageVolumePrivilege	3460	cmd.exe
Token: SeManageVolumePrivilege	3460	cmd.exe

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\OB76.iso
1⤵
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:3460

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads