Analysis
-
max time kernel
1392s -
max time network
1219s -
platform
windows10-2004_x64 -
resource
win10v2004-20230220-en -
resource tags
-
submitted
03-03-2023 21:43
General
-
Target
data.dat
-
Size
30.0MB
-
MD5
5b4fe8caa826721d851e10bc7e9b73d0
-
SHA1
9fd6f1829d6757761d2f875ae6fccc9892a61188
-
SHA256
a829d08eac5339bd6941a598d09e5402a677ed5d3164ed8a9ffa277b8f6fdb0d
-
SHA512
64ffde1ac11470ff51249e518fd6983625f105f4dbe1e24ba3ff17f2338a703f458a7bf2b7e7457a76632f9a28c6378c565d83d130572837639b33e735a9eeaf
-
SSDEEP
6144:7TTSTiTTTSTTTSTiTTTSTTTSTiTTTSTTTSTiTTTSTTTSTiTTTSTTTSTiTTTSTTTq:C
Score
3/10
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Program crash 1 IoCs
-
Modifies registry class 2 IoCs
-
Opens file in notepad (likely ransom note) 1 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of SetWindowsHookEx 17 IoCs
-
Suspicious use of WriteProcessMemory 2 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\data.dat1⤵
- Modifies registry class
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\data.dat2⤵
- Opens file in notepad (likely ransom note)
-
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 480 -p 2404 -ip 24041⤵
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 2404 -s 17801⤵
- Program crash