Resubmissions

  Submitted          Task ID             Score
  19-04-2023 17:47   230419-wddmrsec7s   1
  18-04-2023 16:13   230418-tn47csec9x   8
  18-04-2023 16:12   230418-tnnvdaec9t   1
  27-03-2023 18:25   230327-w2w41sgg51   8
  27-03-2023 18:23   230327-w1yw8agg5x   3
  27-03-2023 18:21   230327-wzrfragg4z   6
  27-03-2023 18:21   230327-wzgljsef96   1
  27-03-2023 18:20   230327-wy9wpsef95   1
  27-03-2023 18:12   230327-wtb4wagg2w   1

Analysis
  Max time kernel:  5s
  Platform:         windows7_x64
  Resource:         win7-20230220-en
  Resource tags:    arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
  Submitted:        27-03-2023 18:11
Static task
  static1

Behavioral tasks
  Task         Sample        Resource
  behavioral1  fighter.jpg   win7-20230220-en
  behavioral2  fighter.jpg   ubuntu1804-amd64-20221111-en
  behavioral3  fighter.jpg   debian9-armhf-20221111-en
  behavioral4  fighter.jpg   debian9-mipsbe-en-20211208
  behavioral5  fighter.jpg   debian9-mipsel-20221111-en
General

  Target:  fighter.jpg
  Size:    7KB
  MD5:     b4ab5bbc090eb4ff916fbb48dc9d3a40
  SHA1:    b2c8e91298fd8ac51cab4228617db1b469641ab7
  SHA256:  43f43bc1cabe913c58d9dc83503b4711eef4c7028098db545ea3e95849801eaa
  SHA512:  edbd4475c6ccfbfe476727511e2546d41b7d039c133df200009c58cd6d350c0eff69d4f4db66f36011e3e9206e55a7e41919fd6342f639f48427dba08ecb791d
  SSDEEP:  192:uAkBa3UqVX8M08LcJYUaxm3ENPY3h9vY6MDiHbt:rkBa341haxmIY3DY6M2p
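Before trusting a sandbox verdict for a file you hold locally, confirm that your copy is the same bytes the sandbox analysed. The script below is an added example, not part of the report or the sandbox's own tooling; it copies the digests and size from the General section above, recomputes them over a local file, and treats SHA256/SHA512 as the authoritative identity (MD5 and SHA1 are collision-prone and are printed only because reports still list them). It also checks that a file named .jpg actually starts with the JPEG SOI marker, since a ".jpg" that is not an image is the first thing worth noticing. The assumption that the report rounds the size to whole kilobytes is the author's, as is the file name `fighter.jpg` used as the default path; SSDEEP is left out because it needs a third-party package and is a similarity measure, not an identity check.

```python
import hashlib

# Digests and size copied from the report's General section for fighter.jpg.
# SSDEEP is omitted: it needs the third-party ssdeep/ppdeep package and is a
# similarity hash, not an identity check.
REPORT_FIGHTER_JPG = {
    "size_kb": 7,
    "md5": "b4ab5bbc090eb4ff916fbb48dc9d3a40",
    "sha1": "b2c8e91298fd8ac51cab4228617db1b469641ab7",
    "sha256": "43f43bc1cabe913c58d9dc83503b4711eef4c7028098db545ea3e95849801eaa",
    "sha512": "edbd4475c6ccfbfe476727511e2546d41b7d039c133df200009c58cd6d350c0e"
              "ff69d4f4db66f36011e3e9206e55a7e41919fd6342f639f48427dba08ecb791d",
}

DIGESTS = ("md5", "sha1", "sha256", "sha512")


def digests(data: bytes) -> dict:
    """Compute every digest the report lists, keyed by algorithm name."""
    return {name: hashlib.new(name, data).hexdigest() for name in DIGESTS}


def looks_like_jpeg(data: bytes) -> bool:
    """True if the bytes begin with the JPEG SOI marker FF D8 FF.

    A file called .jpg that fails this is not an image and deserves a closer look.
    """
    return data[:3] == b"\xff\xd8\xff"


def check_sample(data: bytes, expected: dict, require_jpeg: bool = True) -> list:
    """Compare local bytes against the values a report states.

    Returns a list of human-readable mismatches; an empty list means every value
    present in `expected` agrees with the local file. SHA256/SHA512 decide
    identity; an MD5 or SHA1 match alone is not evidence, only a disagreement is.
    """
    problems = []
    got = digests(data)
    for name in DIGESTS:
        if name in expected and got[name] != expected[name].lower():
            problems.append(f"{name}: report {expected[name]} != local {got[name]}")
    if "size_kb" in expected:
        # Assumption: the report rounds the size to whole KB, so only flag a
        # length that cannot round to the stated figure.
        if abs(len(data) / 1024 - expected["size_kb"]) > 1:
            problems.append(
                f"size: report ~{expected['size_kb']}KB != local {len(data)} bytes"
            )
    if require_jpeg and not looks_like_jpeg(data):
        problems.append("content: no JPEG SOI marker at offset 0")
    return problems


if __name__ == "__main__":
    import sys

    # Hypothetical default path; pass the real location of your copy as argv[1].
    path = sys.argv[1] if len(sys.argv) > 1 else "fighter.jpg"
    with open(path, "rb") as fh:
        blob = fh.read()
    issues = check_sample(blob, REPORT_FIGHTER_JPG)
    print("\n".join(issues) if issues else f"{path} matches the report")
```

Run it as `python check_sample.py /path/to/fighter.jpg`; any line of output is a reason not to rely on this report for that file. Because `check_sample` reports every disagreement rather than stopping at the first, a file that matches on MD5 but not on SHA256 shows up as exactly that, which is the pattern you would expect from a collision rather than an unrelated file.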
Malware Config
Signatures

  Enumerates physical storage devices (1 TTP)
    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  Suspicious use of FindShellTrayWindow (2 IoCs)
    Processes: rundll32.exe (pid 1992), 2 hits

Both signatures are attributed to the same process, rundll32.exe with pid 1992, which is the only process this report names. Each is a generic heuristic that also fires for ordinary GUI programs (drive enumeration and FindShellTrayWindow are routine for shell and viewer code), so neither establishes malicious behaviour on its own; weigh them against the process tree and network activity, which are not populated in this capture.
Processes
Network
MITRE ATT&CK Matrix (ATT&CK v6)
Downloads

  memory/1992-54-0x0000000000490000-0x0000000000491000-memory.dmp  (4KB)

The dump name carries the pid (1992) and the dumped range 0x490000-0x491000; that range is 0x1000 bytes, one page, which agrees with the listed 4KB size.