Overview

overview

10

Static

static

AudioCapture.dll

windows7-x64

1

AudioCapture.dll

windows10-2004-x64

1

HTCTL32.dll

windows7-x64

1

HTCTL32.dll

windows10-2004-x64

3

PCICHEK.dll

windows7-x64

1

PCICHEK.dll

windows10-2004-x64

1

PCICL32.dll

windows7-x64

1

PCICL32.dll

windows10-2004-x64

1

TCCTL32.dll

windows7-x64

1

TCCTL32.dll

windows10-2004-x64

1

client32.exe

windows7-x64

10

client32.exe

windows10-2004-x64

10

client32.ini

windows7-x64

1

client32.ini

windows10-2004-x64

1

msvcr100.dll

windows7-x64

3

msvcr100.dll

windows10-2004-x64

3

pcicapi.dll

windows7-x64

1

pcicapi.dll

windows10-2004-x64

1

remcmdstub.exe

windows7-x64

1

remcmdstub.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    91s
  • max time network
    139s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    31-01-2023 10:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    client32.ini

  • Size

    914B

  • MD5

    fd8286ae0a78720863b527ef40afa2d2

  • SHA1

    cde55878b3f1f296548d2548a2f3cc0170afa67e

  • SHA256

    b3c4963e4a5dbe7af6ad552526f58eff57c3f3868fde42416501643c95e938c0

  • SHA512

    a75c53132a825635491fa9f5e5bbdc1201f505d4caf78ab56eedacb1cd9d2358af27c0f48ae548fe261dc26f4b68960abf8d950d26c747290c6cbd44297670c6

Score
1/10

Malware Config

Signatures

  • Opens file in notepad (likely ransom note) 1 IoCs
    ransomware

Processes

  • C:\Windows\system32\NOTEPAD.EXE
    C:\Windows\system32\NOTEPAD.EXE C:\Users\Admin\AppData\Local\Temp\client32.ini
    1⤵
    • Opens file in notepad (likely ransom note)
    PID:4644

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads