Resubmissions

02/12/2022, 04:06

221202-en6ymacb27 10

29/11/2022, 08:17

221129-j625lsbf28 10

28/11/2022, 08:49

221128-krf49sah64 10

24/11/2022, 09:42

221124-lpgtfshe6t 10

Analysis

  • max time kernel
    263s
  • max time network
    311s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    28/11/2022, 08:49

General

  • Target

    Complete_Pass_1234_Active_Ze2.rar

  • Size

    5.9MB

  • MD5

    c87e04df8126ad203b0e308f50813300

  • SHA1

    7b75cfd2b2a9bb9e2a13bc3b0059ef6020852b49

  • SHA256

    25973e904b1bcfe98a83e2b20e801b8e0781889bc61e238df4066ad7944a2829

  • SHA512

    4ab59609eeab13a0a5868b394c1384cae082bc1ad80834406a16afc7b78a08c71d9cf135db66fe06ba8190911d93a367a9f725be4135e2e9a5c508c4ea1d585f

  • SSDEEP

    98304:isFSJq3U7FPJEVjmLGRD8whMjx2ho4O6ONhw8UBwsOzUOcMWraZ6Vz1Ku43jqrAN:9AJqYPJEVjmu2Z6EwjBw7aMge6SNjqri

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies registry class 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\Complete_Pass_1234_Active_Ze2.rar
    • Modifies registry class
    PID:428
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3032

Network

MITRE ATT&CK Enterprise v6
