Analysis
-
max time kernel
130s -
max time network
33s -
platform
windows7_x64 -
resource
win7-20230220-en -
resource tags
-
submitted
18/03/2023, 09:24
General
-
Target
chatgpt_prompts.json
-
Size
90KB
-
MD5
d85b971b0748decdd8090118947d0e57
-
SHA1
0f607d4a0f812361119209414a5a70a46aec682b
-
SHA256
c00cd463a511b8ecbc21d9f4787d1bafb3c4da43949fc3fc6c8933d361bbaac1
-
SHA512
93bc1ce9d450bd84f345dea13e40fb9c1f1e7e0c5fe1ea7b06a668fb24c5642459814172045d0b62c3fee914c73a486e763689f579a9e1b7c1ba20dd04e84078
-
SSDEEP
1536:bOvU0eM1Z0KTIBw4L9gMq7lqxhS3Ibvq87qr3Bmayu4cMXZ4baLxxcyfH++s5daY:bOvU0eM1OvV9C7lqxhS3Ibvq8S3BmayY
Score
3/10
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Modifies registry class 10 IoCs
-
Suspicious use of SetWindowsHookEx 3 IoCs
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\chatgpt_prompts.json1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\chatgpt_prompts.json2⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\chatgpt_prompts.json"3⤵
- Suspicious use of SetWindowsHookEx
-
-