Overview

overview

5

Static

static

s/go.sh

windows7-x64

3

s/go.sh

windows10-2004-x64

3

s/ps

ubuntu-18.04-amd64

s/scan

ubuntu-18.04-amd64

5

s/scan

debian-9-armhf

5

s/scan

debian-9-mips

5

s/scan

debian-9-mipsel

5

s/ss

ubuntu-18.04-amd64

1

s/ssh-scan

ubuntu-18.04-amd64

1

Analysis

  • max time kernel
    149s
  • max time network
    184s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26-11-2022 10:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    s/go.sh

  • Size

    125B

  • MD5

    f8dab7c30afe989a3324752b9703449d

  • SHA1

    487bc217f6f2415431a9134612aa0f4b14a8afa9

  • SHA256

    be8424f3c8f6b8cdeb743d00a4891925704e9066f682efa26e22c860200cfc2b

  • SHA512

    d384ac879447df1d94888c292ae670f4c03e5eb907d9c3bfa436acd7727ab625d45c506d525c57bcee73c0e7de368c70a88216406cc7e95a75d7de2ffe28d780

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies registry class 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\s\go.sh
    1⤵
    • Modifies registry class
    PID:4004
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4708

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads