Analysis
-
max time kernel
171s -
max time network
175s -
platform
windows10-2004_x64 -
resource
win10v2004-20221111-en -
resource tags
-
submitted
22-11-2022 17:29
General
-
Target
Agreement_BMX87.iso
-
Size
662KB
-
MD5
301a09558cbc43c2676f058ddeaabaf9
-
SHA1
cb7046d10bb73591d1a9343328d2535cb3388ec0
-
SHA256
49c293857151c324d49aee732f34e236b99bba8bd0bf686aff3f900375db8297
-
SHA512
050bc7053bbb1a45029a07ca70c6a08899b3716347dec7914ef4d14e208ff1a6bc84c4242772ce003312eaba6992c25dfbd5206ceab6be90035107889cbdaa8c
-
SSDEEP
12288:XNGLxwOQHy6E1YF7P01JSdCLjqa/9lNdMxgligH8:XNGLxSHy6VP0/Ssfh9lUM
Score
3/10
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Program crash 2 IoCs
-
Modifies registry class 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\Agreement_BMX87.iso1⤵
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 476 -p 1244 -ip 12441⤵
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 1244 -s 7841⤵
- Program crash
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 556 -p 1392 -ip 13921⤵
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 1392 -s 17801⤵
- Program crash