Resubmissions
09-12-2022 21:31 | 221209-1c7lnsed59 | 10
01-12-2022 01:51 | 221201-b99d4ade82 | 10
01-12-2022 01:46 | 221201-b7b1tagf7t | 3
Analysis
- max time kernel: 155s
- max time network: 159s
- platform: windows10-2004_x64
- resource: win10v2004-20220812-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 01-12-2022 01:46
Static task: static1
Behavioral task: behavioral1
Sample: WT-163WP.iso
Resource: win10v2004-20220812-en (windows10-2004-x64)
2 signatures
150 seconds
General
- Target: WT-163WP.iso
- Size: 101.2MB
- MD5: b650be9066248fd19bf55295a3dd91c1
- SHA1: 08dbe772979f2cf9b70637ecb4fbed0a29517b4a
- SHA256: ad914a64e27ceb65f105dda2b9333507503acf7b5dfa24dcaf0eebed70e10c9b
- SHA512: cd2dbb0d4addb80ff59126febd145b6a127378a6eadb18bdc3bffe8eab54b2db71352920c12be1882df88aa2eb8bd5b1d3b38124a4d607fabfd4194f380c3aaf
- SSDEEP: 24576:xFolOZ7iwCywfHH3vwLwZ0RV9Z0OEdMddz52kqAaBJP8fnLJ518VCqoI2ytH2:xFolOZ7iwCywfHH3vwLwDuDHAH2
Score: 3/10
Malware Config
Signatures
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
- Modifies registry class (1 IoCs)
  Processes: cmd.exe
  description | ioc | process
  Key created | \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\Local Settings | cmd.exe