Overview

overview

3

Static

static

Launcher.exe

windows7-x64

1

Launcher.exe

windows10-2004-x64

1

OnlineFix.ini

windows7-x64

1

OnlineFix.ini

windows10-2004-x64

1

OnlineFix.json

windows7-x64

3

OnlineFix.json

windows10-2004-x64

3

OnlineFix64.dll

windows7-x64

1

OnlineFix64.dll

windows10-2004-x64

1

PhotonBridge.dll

windows7-x64

1

PhotonBridge.dll

windows10-2004-x64

1

SDKVersion.txt

windows7-x64

1

SDKVersion.txt

windows10-2004-x64

1

SteamOverlay64.dll

windows7-x64

1

SteamOverlay64.dll

windows10-2004-x64

3

baselib.dll

windows7-x64

3

baselib.dll

windows10-2004-x64

3

winmm.dll

windows7-x64

1

winmm.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    42s
  • max time network
    46s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    13-12-2022 00:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    OnlineFix.ini

  • Size

    678B

  • MD5

    492fc06260255c42019918c6aee7480b

  • SHA1

    0b67c03fb45616418fff76ab2bee52db42d8a75a

  • SHA256

    64861b00dea66da984041383ba0616955dfe88d0beb46794d1e606a2777580f9

  • SHA512

    848e23ce15bbe932aff71932a3c0a9c5a7514e5a837912d039d5ecbb6051fdff16a0aa1d556e768987d0ab500c1e547d869a17704b1401ae78a569158377ce9a

Score
1/10

Malware Config

Signatures

  • Opens file in notepad (likely ransom note) 1 IoCs
    ransomware

Processes

  • C:\Windows\system32\NOTEPAD.EXE
    C:\Windows\system32\NOTEPAD.EXE C:\Users\Admin\AppData\Local\Temp\OnlineFix.ini
    1⤵
    • Opens file in notepad (likely ransom note)
    PID:1808

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1808-54-0x000007FEFC281000-0x000007FEFC283000-memory.dmp

    Filesize

    8KB

    Download