Overview
overview: 8

Static
static: 1

Pass_55555_Setup.rar (windows10-1703-x64): 3
Installer-x64bit.exe (windows10-1703-x64): 8
Qt5Gui.dll (windows10-1703-x64): 1
avcodec-58.dll (windows10-1703-x64): 1
avformat-58.dll (windows10-1703-x64): 1
license.txt (windows10-1703-x64): 1
plugins/im...if.dll (windows10-1703-x64): 1
plugins/im...co.dll (windows10-1703-x64): 1
plugins/im...eg.dll (windows10-1703-x64): 1
plugins/me...ne.dll (windows10-1703-x64): 1
plugins/me...ne.dll (windows10-1703-x64): 1
plugins/pl...ws.dll (windows10-1703-x64): 1
plugins/st...le.dll (windows10-1703-x64): 1
scripting/citra.py (windows10-1703-x64): 3

Resubmissions
27-02-2023 04:37, 230227-e83rpsbf3s: 8
27-02-2023 04:25, 230227-e2b1eabe9v: 3
27-02-2023 04:20, 230227-ex6n8abg69: 8
27-02-2023 04:14, 230227-ets9qabe8t: 4
12-02-2023 12:22, 230212-pkc69adh37: 8

Analysis
max time kernel: 137s
max time network: 149s
platform: windows10-1703_x64
resource: win10-20230220-en
resource tags: arch:x64, arch:x86, image:win10-20230220-en, locale:en-us, os:windows10-1703-x64, system
submitted: 27-02-2023 04:20
Static task: static1
Behavioral task: behavioral1, Sample: Pass_55555_Setup.rar, Resource: win10-20230220-en
Behavioral task: behavioral2, Sample: Installer-x64bit.exe, Resource: win10-20230220-en
Behavioral task: behavioral3, Sample: Qt5Gui.dll, Resource: win10-20230220-en
Behavioral task: behavioral4, Sample: avcodec-58.dll, Resource: win10-20230220-en
Behavioral task: behavioral5, Sample: avformat-58.dll, Resource: win10-20230220-en
Behavioral task: behavioral6, Sample: license.txt, Resource: win10-20230220-en
Behavioral task: behavioral7, Sample: plugins/imageformats/qgif.dll, Resource: win10-20230220-en
Behavioral task: behavioral8, Sample: plugins/imageformats/qico.dll, Resource: win10-20230220-en
Behavioral task: behavioral9, Sample: plugins/imageformats/qjpeg.dll, Resource: win10-20230220-en
Behavioral task: behavioral10, Sample: plugins/mediaservice/dsengine.dll, Resource: win10-20230220-en
Behavioral task: behavioral11, Sample: plugins/mediaservice/wmfengine.dll, Resource: win10-20230220-en
Behavioral task: behavioral12, Sample: plugins/platforms/qwindows.dll, Resource: win10-20230220-en
Behavioral task: behavioral13, Sample: plugins/styles/qwindowsvistastyle.dll, Resource: win10-20230220-en
Behavioral task: behavioral14, Sample: scripting/citra.py, Resource: win10-20230220-en
General
Target: scripting/citra.py
Size: 3KB
MD5: 17029cc3a1237a2760c266823a8a3937
SHA1: face198755f58583cb86f23638d2308f30ced85d
SHA256: 7fef07e4a7d6dcd0b203b6a35cf9f41463c6658bcf67e95ebcb4ca440c9be11e
SHA512: 41f1624ab9119cfdfa4a223fe4794a110dc0bbfedf3424a777a35d94a80e801c33a61701dc5cac7615edfdfa15c5da8e3e3668189506f87b5cd9763f759d6cb2
Malware Config
Signatures
Enumerates physical storage devices (1 TTPs)
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

Modifies registry class (2 IoCs)
Processes: cmd.exe, OpenWith.exe
description, ioc, process:
Key created, \REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings, cmd.exe
Key created, \REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings, OpenWith.exe

Suspicious use of SetWindowsHookEx (1 IoCs)
Processes: OpenWith.exe
pid, process:
2512, OpenWith.exe