8da455738971a9c0abe1edc19cc7eb509d3123fc55424522379b815979e2bcd7

Analysis

max time kernel
76s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
25/03/2023, 23:40

Target

bios/SCPH-77000_BIOS_V15_JAP_220.rom2
Size

512KB
MD5

905ebe2358502f8aaeeeac96d023f4d9
SHA1

b96cf94772f01b8434038285896467884a84b0c2
SHA256

1b7c68be427e6f571596ef6b444e8b86d1b4e2a226d62f6bfc86717a798f2317
SHA512

a5a2b4fbc3649898b90b5be53d2c5e26776f7576524c4f2fc7618e5c2985f45068f30538980b327043164e758028b52a266ffbf284923163ba3673b3efea991c
SSDEEP

6144:SBFsXCSZ3B4YEXxyCpmDqoPYmMsHw1SiXWIXjxqJ4Li:YSf3ounMsMjq4O

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings	OpenWith.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1832	OpenWith.exe

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\bios\SCPH-77000_BIOS_V15_JAP_220.rom2
1⤵
- Modifies registry class
PID:628

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact