Overview

overview

8

Static

static

8

400.184/mats

ubuntu-18.04-amd64

1

400.184/mods

ubuntu-18.04-amd64

5

mats.img

windows7-x64

3

mats.img

windows10-2004-x64

3

rufus-3.13.exe

windows7-x64

8

rufus-3.13.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    131s
  • max time network
    33s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    25-01-2023 10:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    mats.img

  • Size

    66.4MB

  • MD5

    707db4d641a2bb3e14bb91327b75ee87

  • SHA1

    acf77d5cffa8ebce597f80ca4c9b01b351352c3b

  • SHA256

    eac96ab9a056461c4560066936c8af173d17d18ac8af68e373fc07d73244e8dc

  • SHA512

    b27648968a389059af9cb3749c56dbd9a0c5234b44621d063cfde948eeaf9550cd9e89c4b7aa971427d6508efb8aecb3e8e6f7b5cc8a16b008d6c8e83382b9f5

  • SSDEEP

    1572864:3YmMX2KKYtxefLs1FZ9bE4P8+2t8qL70SmO:IRX2KttHX4

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\mats.img
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2000
    • C:\Windows\System32\isoburn.exe
      "C:\Windows\System32\isoburn.exe" "C:\Users\Admin\AppData\Local\Temp\mats.img"
      2⤵
      • Suspicious behavior: GetForegroundWindowSpam
      PID:268

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/268-76-0x0000000000000000-mapping.dmp
    Download
  • memory/2000-54-0x000007FEFB771000-0x000007FEFB773000-memory.dmp
    Filesize

    8KB

    Download