Overview

overview

3

Static

static

1

Internalinject0r_.rar

windows7-x64

3

Internalinject0r_.rar

windows10-2004-x64

3

Resubmissions

12/02/2023, 17:53

230212-wgcjwaeh7y 3

Analysis

  • max time kernel
    12s
  • max time network
    1s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    12/02/2023, 17:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Internalinject0r_.rar

  • Size

    394KB

  • MD5

    8f3906360aba70dbd7e2547d880e393e

  • SHA1

    b483f1586921f59ebe88749902588263416797c1

  • SHA256

    34ae837afc5d91e4ec0f680dcea462ee9d2573df4942c0f0ba7a6248ca14e041

  • SHA512

    433220aa62b4e0ab786a43147b4f98af166a5c5a059f27ec601a4baca0f0047c3cd7b86fd7da8d95997eb86828bc93ce13b071f1bdf9ca71e0d682e8ced7f22d

  • SSDEEP

    6144:dsKoJTCG5DQvjPxkLKJFlHNz+EVdYIF9eSECmDp9iNucqf8ti5wBoSiX/o:OKb4DQL+K3dNrVdYMErDCkcqkoPSiXw

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies registry class 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\Internalinject0r_.rar
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2012
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Internalinject0r_.rar
      2⤵
      • Modifies registry class
      PID:1756

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2012-54-0x000007FEFBD81000-0x000007FEFBD83000-memory.dmp

    Filesize

    8KB

    Download