Analysis
-
max time kernel
137s -
max time network
169s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system -
submitted
26-11-2022 10:38
Static task
static1
Behavioral task
behavioral1
Sample
s/go.sh
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
s/go.sh
Resource
win10v2004-20220812-en
Behavioral task
behavioral3
Sample
s/ps
Resource
ubuntu1804-amd64-20221111-en
Behavioral task
behavioral4
Sample
s/scan
Resource
ubuntu1804-amd64-20221111-en
Behavioral task
behavioral5
Sample
s/scan
Resource
debian9-armhf-en-20211208
Behavioral task
behavioral6
Sample
s/scan
Resource
debian9-mipsbe-en-20211208
Behavioral task
behavioral7
Sample
s/scan
Resource
debian9-mipsel-20221111-en
Behavioral task
behavioral8
Sample
s/ss
Resource
ubuntu1804-amd64-en-20211208
Behavioral task
behavioral9
Sample
s/ssh-scan
Resource
ubuntu1804-amd64-20221111-en
General
-
Target
s/go.sh
-
Size
125B
-
MD5
f8dab7c30afe989a3324752b9703449d
-
SHA1
487bc217f6f2415431a9134612aa0f4b14a8afa9
-
SHA256
be8424f3c8f6b8cdeb743d00a4891925704e9066f682efa26e22c860200cfc2b
-
SHA512
d384ac879447df1d94888c292ae670f4c03e5eb907d9c3bfa436acd7727ab625d45c506d525c57bcee73c0e7de368c70a88216406cc7e95a75d7de2ffe28d780
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Modifies registry class 2 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\Local Settings cmd.exe Key created \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\Local Settings OpenWith.exe -
Suspicious use of SetWindowsHookEx 1 IoCs
pid Process 4904 OpenWith.exe