Overview

overview

7

Static

static

1

wps.zip

windows7-x64

7

wps.zip

windows10-2004-x64

7

wps/kdump64.dll

windows7-x64

1

wps/kdump64.dll

windows10-2004-x64

1

wps/wps.dat

windows7-x64

3

wps/wps.dat

windows10-2004-x64

3

wps/wps.exe

windows7-x64

7

wps/wps.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    79s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230221-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230221-enlocale:en-usos:windows10-2004-x64system
  • submitted
    13/03/2023, 09:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    wps/wps.dat

  • Size

    155KB

  • MD5

    2a9f6b1a449d883d1548af80ba54c5b4

  • SHA1

    d4d09e62cc96de86270d7937ea9afd908771e06f

  • SHA256

    ad46c8fd77ba92506bbf57e690fcba24b291a42ee9aa26b95a7ef674dd7e8ea0

  • SHA512

    b5df5f2665615512013278265bb81b5caf7f12423ec41b2569ac294d5c52a93c90af34c8a570ac9cb738034fb3cac61dc7eacc600920673b275bacd305d5af4f

  • SSDEEP

    3072:7RWUiMjpzapinFQkjgP+dxh3zyhaMI5/u0oVGV5mkjxGtfF1pmYfUfgeAmX:FnepWQqgExh3zygMI5///00GtXkCUfg8

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies registry class 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\wps\wps.dat
    1⤵
    • Modifies registry class
    PID:624
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:2676

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads