Analysis
-
max time kernel
186s -
max time network
189s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
-
submitted
23-11-2022 06:29
General
-
Target
document_Y265_Nov#22.iso
-
Size
1.2MB
-
MD5
d782ce153ee4ff3e2e923e59490f30d6
-
SHA1
1d91a7c75acd202ecf89bd001660885b99c37b98
-
SHA256
9f732f21cd6bea13a4dbabbf90aa687cafd5b4b530ec27066152479e37f4cec8
-
SHA512
eb3796e5030727b1859cd4bf949d45aa24cc6c2516a50ae1dc21e65c72bfaf7af77760d2fdaf0d7bf18766df88885c31e66b7987be1f085dc83f501c7ea9088b
-
SSDEEP
24576:vtE8Z3shoA9qB8DvUAZkl9iIDIQIFaOGYnknF6:e8vmqB8DUAZklKxnknF6
Score
3/10
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Program crash 1 IoCs
-
Modifies registry class 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\document_Y265_Nov#22.iso1⤵
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 448 -p 4272 -ip 42721⤵
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 4272 -s 17801⤵
- Program crash