Analysis
- max time kernel: 13s
- max time network: 34s
- platform: windows7_x64
- resource: win7-20221111-en
- resource tags: arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
- submitted: 29-11-2022 13:52
Static task: static1

Behavioral task: behavioral1
  Sample: could.vbs
  Resource: win7-20220812-en

Behavioral task: behavioral2
  Sample: could.vbs
  Resource: win10v2004-20220812-en

Behavioral task: behavioral3
  Sample: moment_teach/loader_dll_64_3#001.dll15.dll
  Resource: win7-20220812-en

Behavioral task: behavioral4
  Sample: moment_teach/loader_dll_64_3#001.dll15.dll
  Resource: win10v2004-20220812-en

Behavioral task: behavioral5
  Sample: moment_teach/prove_dictionary.png
  Resource: win7-20221111-en

Behavioral task: behavioral6
  Sample: moment_teach/prove_dictionary.png
  Resource: win10v2004-20220901-en
General
- Target: moment_teach/prove_dictionary.png
- Size: 960KB
- MD5: 9352f2a8c6ccc20ad47aa2b09950fa59
- SHA1: b0681f112b0b961cafe62aa800b1d88b6d5cfca2
- SHA256: ab06ce176a91769d0a9694612ac5943fe518794c4435e7dce290f1972dd656eb
- SHA512: b39c3970bfe1612c5fd2bb07696b067535825ba5d5e6935a10588dfae06ff0b89f49f0edd3866c6a022ffafd71dd5b948cc6f0bee2ee15af1c0f4c4046b20c46
- SSDEEP: 24576:ILHOSDrlYOe3ZB8iXMYsYktqVghzT+JnlBBc6bWwF:ILHfW3ZGiXMYKt1hzT+JzJWm
Malware Config
Signatures
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
- Suspicious use of FindShellTrayWindow (1 IoCs)
  Processes:
    pid   process
    960   rundll32.exe
Processes
Network
MITRE ATT&CK Matrix (ATT&CK v6)
Downloads
- memory/960-54-0x000007FEFB8A1000-0x000007FEFB8A3000-memory.dmp (Filesize: 8KB)