ad914a64e27ceb65f105dda2b9333507503acf7b5dfa24dcaf0eebed70e10c9b

Resubmissions

09-12-2022 21:31

221209-1c7lnsed59 10

01-12-2022 01:51

221201-b99d4ade82 10

01-12-2022 01:46

221201-b7b1tagf7t 3

Analysis

max time kernel
155s
max time network
159s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
01-12-2022 01:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

WT-163WP.iso
Size

101.2MB
MD5

b650be9066248fd19bf55295a3dd91c1
SHA1

08dbe772979f2cf9b70637ecb4fbed0a29517b4a
SHA256

ad914a64e27ceb65f105dda2b9333507503acf7b5dfa24dcaf0eebed70e10c9b
SHA512

cd2dbb0d4addb80ff59126febd145b6a127378a6eadb18bdc3bffe8eab54b2db71352920c12be1882df88aa2eb8bd5b1d3b38124a4d607fabfd4194f380c3aaf
SSDEEP

24576:xFolOZ7iwCywfHH3vwLwZ0RV9Z0OEdMddz52kqAaBJP8fnLJ518VCqoI2ytH2:xFolOZ7iwCywfHH3vwLwDuDHAH2

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082
Modifies registry class 1 IoCs

Processes:

cmd.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\Local Settings cmd.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\Local Settings	cmd.exe

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\WT-163WP.iso
1⤵
- Modifies registry class
PID:2536

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads