Analysis
-
max time kernel
90s -
max time network
164s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-es -
resource tags
-
submitted
16/02/2023, 05:07
General
-
Target
COUNTER STRIKE 1.6.exe
-
Size
227.6MB
-
MD5
a176ca285438038ce9b5f7dd29f6d1ac
-
SHA1
1e931dc7e08592298cbc8d3dc1612b5967a9581c
-
SHA256
b97bec6c15a33ff4392e204ba19727631f98aa6aba62ba5584757aa684c55174
-
SHA512
a72d527f22a6827d802a932ecd71f79d67208f5a75720abf01afee7c7901c5223eeae65c69e87fb8ee1a709e53602f3c49e29b8afd2c548934475217d5fca2d8
-
SSDEEP
6291456:dJrWC2GFEgv/Egj+I+2H/WWVMGcgjpkyEsKCv6Bb:/SndWXx+2lVigdc
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\COUNTER STRIKE 1.6.exe"C:\Users\Admin\AppData\Local\Temp\COUNTER STRIKE 1.6.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\is-KFS8I.tmp\is-8RNNU.tmp"C:\Users\Admin\AppData\Local\Temp\is-KFS8I.tmp\is-8RNNU.tmp" /SL4 $9004A "C:\Users\Admin\AppData\Local\Temp\COUNTER STRIKE 1.6.exe" 238137020 2094082⤵
- Executes dropped EXE
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
796KB
MD58535bf33ec74a738eb87c20393ea3fb4
SHA176c89805be4c7623f2b15e9c701421d6902bfe61
SHA256f80191c6d74ddf142d6cde8136bbfdf17d3b46bcde724e7b3755f60d0314e8f6
SHA512199c6250e951d901ce1d6d47bbf46d0ea67734f5f2488e054f8c961dd0f61d5b3f2596fc2a4a813d46b93ad9354f5ea9a57d0eb3e9feaff3bbd0bbd69552a7e6
-
Filesize
796KB
MD58535bf33ec74a738eb87c20393ea3fb4
SHA176c89805be4c7623f2b15e9c701421d6902bfe61
SHA256f80191c6d74ddf142d6cde8136bbfdf17d3b46bcde724e7b3755f60d0314e8f6
SHA512199c6250e951d901ce1d6d47bbf46d0ea67734f5f2488e054f8c961dd0f61d5b3f2596fc2a4a813d46b93ad9354f5ea9a57d0eb3e9feaff3bbd0bbd69552a7e6
-
Filesize
228KB
-
Filesize
228KB