Analysis
-
max time kernel
178s -
max time network
191s -
platform
windows10-2004_x64 -
resource
win10v2004-20221111-en -
resource tags
arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system -
submitted
29-11-2022 20:14
Static task
static1
Behavioral task
behavioral1
Sample
5af9c6a0-f899-4124-de70-08dad23c8e67.gz
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
5af9c6a0-f899-4124-de70-08dad23c8e67.gz
Resource
win10v2004-20221111-en
Behavioral task
behavioral3
Sample
sample.eml
Resource
win7-20221111-en
Behavioral task
behavioral4
Sample
sample.eml
Resource
win10v2004-20220812-en
Behavioral task
behavioral5
Sample
attachment-1.tnef
Resource
win7-20220901-en
Behavioral task
behavioral6
Sample
attachment-1.tnef
Resource
win10v2004-20220901-en
Behavioral task
behavioral7
Sample
Malware Alert Text.txt
Resource
win7-20220812-en
Behavioral task
behavioral8
Sample
Malware Alert Text.txt
Resource
win10v2004-20221111-en
General
-
Target
5af9c6a0-f899-4124-de70-08dad23c8e67.gz
-
Size
8KB
-
MD5
c72f0718ad0ef493aa6fa2d8a99ba9db
-
SHA1
4efd889ca8aae103aa7f0e5c6b06862c203251ff
-
SHA256
7974252b4b71bf7d723292f95b8d07e5044efd45225e53c8d1b205f6ccd0bc8b
-
SHA512
a3601dad046873dfd8050550f6c1e18b9b9e72ac86695af3ec5e48bbe4ada27c6487890ff0cead464ab0a038a2156898392e085742ec98f1e011a2f3f1cba918
-
SSDEEP
192:82lgQaJWq+YRDho0AOdF2eLKiBvrhCVyGt+jPRCCzuTE:82gQaJWFYRDRdFxBvrhCyGWYCzX
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Modifies registry class 2 IoCs
Processes:
cmd.exeOpenWith.exedescription ioc process Key created \REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000_Classes\Local Settings cmd.exe Key created \REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000_Classes\Local Settings OpenWith.exe -
Suspicious use of SetWindowsHookEx 1 IoCs
Processes:
OpenWith.exepid process 216 OpenWith.exe
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\5af9c6a0-f899-4124-de70-08dad23c8e67.gz1⤵
- Modifies registry class
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx