Overview
overview: 10
Static
static
AFL27.iso (windows7-x64): 3
AFL27.iso (windows10-2004-x64): 3
AS.js (windows7-x64): 10
AS.js (windows10-2004-x64): 10
peseta/data.txt (windows7-x64): 1
peseta/data.txt (windows10-2004-x64): 1
peseta/flours.js (windows7-x64): 3
peseta/flours.js (windows10-2004-x64): 7
peseta/gratiae.ps1 (windows7-x64): 1
peseta/gratiae.ps1 (windows10-2004-x64): 1
peseta/opalescent.jpg (windows7-x64): 3
peseta/opalescent.jpg (windows10-2004-x64): 3
Analysis
- max time kernel: 45s
- max time network: 48s
- platform: windows7_x64
- resource: win7-20220812-en
- resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
- submitted: 20-01-2023 21:04
Static task: static1
Behavioral task: behavioral1, Sample: AFL27.iso, Resource: win7-20220901-en
Behavioral task: behavioral2, Sample: AFL27.iso, Resource: win10v2004-20220812-en
Behavioral task: behavioral3, Sample: AS.js, Resource: win7-20221111-en
Behavioral task: behavioral4, Sample: AS.js, Resource: win10v2004-20221111-en
Behavioral task: behavioral5, Sample: peseta/data.txt, Resource: win7-20220812-en
Behavioral task: behavioral6, Sample: peseta/data.txt, Resource: win10v2004-20221111-en
Behavioral task: behavioral7, Sample: peseta/flours.js, Resource: win7-20220901-en
Behavioral task: behavioral8, Sample: peseta/flours.js, Resource: win10v2004-20220812-en
Behavioral task: behavioral9, Sample: peseta/gratiae.ps1, Resource: win7-20220812-en
Behavioral task: behavioral10, Sample: peseta/gratiae.ps1, Resource: win10v2004-20220812-en
Behavioral task: behavioral11, Sample: peseta/opalescent.jpg, Resource: win7-20221111-en
Behavioral task: behavioral12, Sample: peseta/opalescent.jpg, Resource: win10v2004-20221111-en
General
- Target: peseta/data.txt
- Size: 630KB
- MD5: 58329a65cac27867d2777390f4eac0eb
- SHA1: a44b4f6d076498b6bf42dbf1a8a805f4570e7c04
- SHA256: 9a6a43b0cdd989c911896933202401b848d2502db0219632f3aaa04a2e4687a4
- SHA512: 8bde8e1c678a516abb67f4bfb6bc314477014123b4bab3e9c3d13e1e9e4e5dfd37e407b4c4c939b270234419f367d7a1e26a605770620312d1d0fe27ca5980b5
- SSDEEP: 12288:Im1Mcw5EO6dHvDe0P3lx5EBto8BkfzNbuTyGrC6N2c2mcsAMznGBRA4cZDA:rMFEO6dHvDe0P335EXpUNSleQ2cYcGLx
Malware Config
Signatures
- Opens file in notepad (likely ransom note) (1 IoCs)
  Processes: pid 1016, process NOTEPAD.EXE
Downloads
- memory/1016-54-0x000007FEFC2C1000-0x000007FEFC2C3000-memory.dmp (Filesize: 8KB)