Analysis

  • max time kernel
    125s
  • max time network
    128s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    24/02/2023, 19:41

General

  • Target

    vibrations/croaks.sql

  • Size

    1.6MB

  • MD5

    93c08848c8acedbf3e93692b445fd90c

  • SHA1

    31a40a24e3e54bd35f8eb1c5859a42e4d38b1712

  • SHA256

    6054916e5dc80c3f068e13b10b2e5e1a314f2207a85ead9ac979ab75ae4501d8

  • SHA512

    341b0affd4a8b516c18b4f995b888fe17072ddc928b7d9ad4ab342e758cd60d144b0b2e95d01c56e73c86ea3212a63abdb212cbc4c4d07504dcc8a4737037ab4

  • SSDEEP

    12288:hgD7oi4JVR7GiHZJUMY4qSl9rBQpVvFBuLBmIiPy0Kko1KTVFufFKHcqgEQX0ekU:c7o9PrBeVXoY76Nj37J

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies registry class 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\vibrations\croaks.sql
    • Modifies registry class
    PID:2544
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:1972

Network

MITRE ATT&CK Enterprise v6
