Overview
overview: 10
Static
static
IG-152WP.iso (windows10-2004-x64): 3
WP.vbs (windows10-2004-x64): 10
header (windows10-2004-x64): 1
metaphysic/alas.vbs (windows10-2004-x64): 7
metaphysic/choked.txt (windows10-2004-x64): 1
metaphysic...ts.gif (windows10-2004-x64): 1
metaphysic...es.ps1 (windows10-2004-x64): 1
metaphysic/preyed.txt (windows10-2004-x64): 1
metaphysic/readme.txt (windows10-2004-x64): 1
metaphysic...rs.jpg (windows10-2004-x64): 3
metaphysic...te.png (windows10-2004-x64): 3
Analysis
- max time kernel: 604s
- max time network: 815s
- platform: windows10-2004_x64
- resource: win10v2004-20221111-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 30-11-2022 22:05
Static task: static1
Behavioral task: behavioral1, Sample: IG-152WP.iso, Resource: win10v2004-20220812-en
Behavioral task: behavioral2, Sample: WP.vbs, Resource: win10v2004-20220812-en
Behavioral task: behavioral3, Sample: header, Resource: win10v2004-20220812-en
Behavioral task: behavioral4, Sample: metaphysic/alas.vbs, Resource: win10v2004-20221111-en
Behavioral task: behavioral5, Sample: metaphysic/choked.txt, Resource: win10v2004-20221111-en
Behavioral task: behavioral6, Sample: metaphysic/imprints.gif, Resource: win10v2004-20220901-en
Behavioral task: behavioral7, Sample: metaphysic/prefaces.ps1, Resource: win10v2004-20221111-en
Behavioral task: behavioral8, Sample: metaphysic/preyed.txt, Resource: win10v2004-20220901-en
Behavioral task: behavioral9, Sample: metaphysic/readme.txt, Resource: win10v2004-20221111-en
Behavioral task: behavioral10, Sample: metaphysic/simmers.jpg, Resource: win10v2004-20220812-en
Behavioral task: behavioral11, Sample: metaphysic/typewrite.png, Resource: win10v2004-20220812-en
General
- Target: metaphysic/readme.txt
- Size: 770KB
- MD5: 07600e1dd044b75a84857b90d246aee7
- SHA1: 0ea797440370f349b1137586ddbe1d071ff8f48a
- SHA256: b63f23a6a846f11810d2750b949fa746c94a3d199f13cc627f7675f1a2be4c71
- SHA512: c01f8e1c6567e2e709592400e54164d92a8f4c08886f0b21bfafd1d8e17eba9bcb06b3158044933ba345668b784d9dcea5388ed8d6868924f971d7f2da3dfc8f
- SSDEEP: 24576:+0RV9Z0OEdMdEz52kqAaBJP8fnLJ518VCqoI2yO:1uDHh
Malware Config
Signatures
- Opens file in notepad (likely ransom note): 1 IoCs
  Processes: NOTEPAD.EXE
  pid: 3408, process: NOTEPAD.EXE