Overview

overview

4

Static

static

1

Duo_mini18 (1).rar

windows10-1703-x64

4

Analysis

  • max time kernel
    65s
  • max time network
    56s
  • platform
    windows10-1703_x64
  • resource
    win10-20230220-en
  • resource tags

    arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
  • submitted
    24/03/2023, 07:07

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    Duo_mini18 (1).rar

  • Size

    132.0MB

  • MD5

    f248b177dca39522189c7090952aba11

  • SHA1

    a0c7512f88ec3ee6186be683f81b77144a479e56

  • SHA256

    07531e276c0656b59b5b25928fa6087e478bd201d22d9a53695f65e48bd49f25

  • SHA512

    369d7108084e48217e35675441db330cf94ec8579e098412edba8d426943d2614d14b01c566b00800cef3a1885e2a13870438855c6b57ca19b3a1e8ce4b28cda

  • SSDEEP

    3145728:4RX2f1yltbDt4ICon2h0z1HZs5MyIUDcJS5g03ApxGq7:Xf1yPbDa1h8liuyIWgp/7

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 21 IoCs
  • Suspicious use of AdjustPrivilegeToken 9 IoCs
  • Suspicious use of FindShellTrayWindow 49 IoCs
  • Suspicious use of SendNotifyMessage 47 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\Duo_mini18 (1).rar"
    1⤵
    • Modifies registry class
    PID:3756
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4928
  • C:\Program Files\7-Zip\7zG.exe
    "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\UnlockResize\" -spe -an -ai#7zMap9735:82:7zEvent8888
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:4160
  • C:\Windows\system32\taskmgr.exe
    "C:\Windows\system32\taskmgr.exe" /4
    1⤵
    • Drops file in Windows directory
    • Checks SCSI registry key(s)
    • Checks processor information in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:3944

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db
          Filesize

          14KB

          MD5

          ae885919d9659ec0b2523e496676b1f0

          SHA1

          14fbbd313f6c93b02440c8362f05ada57614b511

          SHA256

          999131f43c7a72d42329967da699db2a7126553152dc9917d74ec9c5dcebecb5

          SHA512

          ff1ee5045cdf97ed2b37d2cdf86713e4b44c86139624cffcf3de13f85ade195006db727c5e704b5e455201def20b0ecd7bdbe88a96862797ed67366ee6d44ad3

          Download Submit