Overview

overview

6

Static

static

ItB_Fix_Re...ic.rar

windows7-x64

3

ItB_Fix_Re...ic.rar

windows10-2004-x64

3

ItB_Fix_Re...64.dll

windows7-x64

1

ItB_Fix_Re...64.dll

windows10-2004-x64

1

ItB_Fix_Re...er.url

windows7-x64

6

ItB_Fix_Re...er.url

windows10-2004-x64

6

ItB_Fix_Re...ix.ini

windows7-x64

1

ItB_Fix_Re...ix.ini

windows10-2004-x64

1

ItB_Fix_Re...ix.url

windows7-x64

6

ItB_Fix_Re...ix.url

windows10-2004-x64

6

ItB_Fix_Re...64.dll

windows7-x64

1

ItB_Fix_Re...64.dll

windows10-2004-x64

1

ItB_Fix_Re...IS.url

windows7-x64

1

ItB_Fix_Re...IS.url

windows10-2004-x64

1

ItB_Fix_Re...!!.txt

windows7-x64

1

ItB_Fix_Re...!!.txt

windows10-2004-x64

1

ItB_Fix_Re...64.dll

windows7-x64

1

ItB_Fix_Re...64.dll

windows10-2004-x64

3

ItB_Fix_Re...st.txt

windows7-x64

1

ItB_Fix_Re...st.txt

windows10-2004-x64

1

ItB_Fix_Re...mm.dll

windows7-x64

1

ItB_Fix_Re...mm.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    42s
  • max time network
    46s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    12/01/2023, 17:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ItB_Fix_Repair_Steam_Generic.rar

  • Size

    4.7MB

  • MD5

    f5071d68c9b8e0146d6ba8390f0bb5fd

  • SHA1

    ac1ee9d7f69fe5d8ea03fd1a4847a404ae2401a6

  • SHA256

    0e7172d2b26149e5f0545734d604568de1f7b1972a28af77051fee896e2e5968

  • SHA512

    abfe4d6a623a8a37a67ae7807df4f39d773b4c80996b2f0b03348ba2316a009e4b9ffd1561500950a683d54dd457e08b88bfa42650576e4cb8f29cf1fea4e145

  • SSDEEP

    98304:TemM3T4LdBaRcBeb1zmDsSRWn4JZGBtTPstBW7Lnyi5R:TehT4ZbwxSRWnmoBBPUBW7Lnyif

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies registry class 2 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 10 IoCs
  • Suspicious use of SendNotifyMessage 9 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\ItB_Fix_Repair_Steam_Generic.rar
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:900
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\ItB_Fix_Repair_Steam_Generic.rar
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:888
      • C:\Program Files\VideoLAN\VLC\vlc.exe
        "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\ItB_Fix_Repair_Steam_Generic.rar"
        3⤵
        • Suspicious behavior: AddClipboardFormatListener
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of SetWindowsHookEx
        PID:736

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/900-54-0x000007FEFB931000-0x000007FEFB933000-memory.dmp

    Filesize

    8KB

    Download