Task | Platform | Score
Overview | overview | 8
Static | static | 7
Activador OFFICE.rar | windows7-x64 | 3
Activador OFFICE.rar | windows10-2004-x64 | 3
Activador ...le.chm | windows7-x64 | 1
Activador ...le.chm | windows10-2004-x64 | 1
Activador ...ls.exe | windows7-x64 | 8
Activador ...ls.exe | windows10-2004-x64 | 8
Activador ...64.exe | windows7-x64 | 8
Activador ...64.exe | windows10-2004-x64 | 8
Activador ...to.exe | windows7-x64 | 8
Activador ...to.exe | windows10-2004-x64 | 7
Activador ...ol.exe | windows7-x64 | 1
Activador ...ol.exe | windows10-2004-x64 | 1

Analysis
max time kernel: 253s
max time network: 259s
platform: windows10-2004_x64
resource: win10v2004-20230220-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
submitted: 25-02-2023 09:28

Behavioral task | Sample | Resource
behavioral1 | Activador OFFICE.rar | win7-20230220-en
behavioral2 | Activador OFFICE.rar | win10v2004-20230220-en
behavioral3 | Activador Office 2019/KMS Tools Portable.chm | win7-20230220-en
behavioral4 | Activador Office 2019/KMS Tools Portable.chm | win10v2004-20230220-en
behavioral5 | Activador Office 2019/KMSTools.exe | win7-20230220-en
behavioral6 | Activador Office 2019/KMSTools.exe | win10v2004-20230220-en
behavioral7 | Activador Office 2019/Programs/KMSAuto Lite Portable v1.4.0/KMSAuto x64.exe | win7-20230220-en
behavioral8 | Activador Office 2019/Programs/KMSAuto Lite Portable v1.4.0/KMSAuto x64.exe | win10v2004-20230220-en
behavioral9 | Activador Office 2019/Programs/KMSAuto Lite Portable v1.4.0/KMSAuto.exe | win7-20230220-en
behavioral10 | Activador Office 2019/Programs/KMSAuto Lite Portable v1.4.0/KMSAuto.exe | win10v2004-20230220-en
behavioral11 | Activador Office 2019/Programs/signtool.exe | win7-20230220-en
behavioral12 | Activador Office 2019/Programs/signtool.exe | win10v2004-20230220-en

General
Target: Activador OFFICE.rar
Size: 40.6MB
MD5: 6dcdeda7d808d660c35a872284c6cfaf
SHA1: d9e6b6decaa0020b67b18acc53b1faf0d2c850a4
SHA256: e7ec8e39fdfb299ab485a701fa6b18853e5e5fced4360abe9a65037d3457c731
SHA512: e880e0d0ccc5b3c90e07e18788e2176ac1cefbc5f7d98a2efd1cf328588a290a87e3c11c818062c79e2160cee6186bfa2636bc983664832ce41375c30a52e439
SSDEEP: 786432:RmSZpsuIYDHRyi5ICvdGIUZwQ9+wnL3/LYdvcTwJuPRU1Mk/2OVkXcG9QMRDgG:R7gYzr+CvdGIG/W2wJcU1leOVEcG9QMH

Malware Config
Signatures

Enumerates physical storage devices (1 TTPs)
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

Modifies registry class (2 IoCs)
Processes: cmd.exe, OpenWith.exe
description | ioc | process
Key created | \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings | cmd.exe
Key created | \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings | OpenWith.exe

Suspicious use of SetWindowsHookEx (1 IoCs)
Processes: OpenWith.exe
pid | process
1620 | OpenWith.exe