Overview (overview): 10
Static (static)
RRCG61.zip (windows10-1703-x64): 1
RRCG61.vhd (windows10-1703-x64): 3
RR.lnk (windows10-1703-x64): 10
System Vol...gs.dat (windows10-1703-x64): 3
unutterabl...ns.cmd (windows10-1703-x64): 1
unutterabl...ed.cmd (windows10-1703-x64): 1
unutterabl...le.txt (windows10-1703-x64): 1
unutterably/swam.dll (windows10-1703-x64): 10

Analysis
max time kernel: 101s
max time network: 104s
platform: windows10-1703_x64
resource: win10-20220812-en
resource tags: arch:x64, arch:x86, image:win10-20220812-en, locale:en-us, os:windows10-1703-x64, system
submitted: 08-12-2022 16:20

Static task: static1
Behavioral task: behavioral1, Sample: RRCG61.zip, Resource: win10-20220812-en
Behavioral task: behavioral2, Sample: RRCG61.vhd, Resource: win10-20220812-en
Behavioral task: behavioral3, Sample: RR.lnk, Resource: win10-20220901-en
Behavioral task: behavioral4, Sample: System Volume Information/WPSettings.dat, Resource: win10-20220812-en
Behavioral task: behavioral5, Sample: unutterably/felons.cmd, Resource: win10-20220812-en
Behavioral task: behavioral6, Sample: unutterably/offered.cmd, Resource: win10-20220812-en
Behavioral task: behavioral7, Sample: unutterably/satiable.txt, Resource: win10-20220812-en

General
Target: RRCG61.vhd
Size: 2.0MB
MD5: c7985e2c53b3dc454eb15f202195047f
SHA1: d9b4dea38105627c51b732bda80315d8aef1e331
SHA256: 6a97d727f793f3cdbfd245322cf1068dedc27f692d5d1fc52e039706fbe54b5e
SHA512: dfba7e1ae6ee8301cf7ae4cc542e03851c11f3728e77ae4e22769aa809c311e583c1df8a514563cedc8ae6e9b638630520ff512069ac4f06b85a5af77c85cba2
SSDEEP: 49152:AHHsMHHHEHgHHHHPwuEwJ3wcH0HEHqHHHHHRYT8UQw8M:E8UQw8M

Malware Config
Signatures
Enumerates physical storage devices (1 TTPs)
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

Modifies registry class (1 IoCs)
Processes: cmd.exe
description: Key created
ioc: \REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings
process: cmd.exe