Overview

overview

10

Static

static

1

PremiumsSa...23.rar

windows7-x64

3

0pen.me.txt

windows7-x64

1

GetFiIesSoftFully.rar

windows7-x64

3

ActiveCode.txt

windows7-x64

1

satup.exe

windows7-x64

10

Analysis

  • max time kernel
    140s
  • max time network
    35s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    30-03-2023 14:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    PremiumsSatupG3-Passsw0rd-2023.rar

  • Size

    12.3MB

  • MD5

    82b1042be75dfabd31e53cb65f0cde7e

  • SHA1

    e2a047c45d72b4dfc7b3cc03e6280bfb95483294

  • SHA256

    d183a256700192ba485c441674789d0241a59688015119bf65d5cb2078e2cc13

  • SHA512

    191ef2bf42ce282cbff3061a582b9e09ed4b2a6882e51057c197d123a169c928991bd19506f2eae07f762fd850cec208f77da6c35c9a8c078ddd2b5e9d5feeab

  • SSDEEP

    196608:Df5yOyIsvCQtNXkDtPzHTXpsY0gRpCdKMWEJrNrpndKZe9x7i9I5V8I2:z5yOyfCQNX6PfXpr0ygkMB1Nrq89cAn2

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies registry class 1 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 9 IoCs
  • Suspicious use of SendNotifyMessage 8 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\PremiumsSatupG3-Passsw0rd-2023.rar
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2016
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\PremiumsSatupG3-Passsw0rd-2023.rar
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:1716
      • C:\Program Files\VideoLAN\VLC\vlc.exe
        "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\PremiumsSatupG3-Passsw0rd-2023.rar"
        3⤵
        • Suspicious behavior: AddClipboardFormatListener
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of SetWindowsHookEx
        PID:1720

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1720-83-0x000000013F260000-0x000000013F358000-memory.dmp
    Filesize

    992KB

    Download
  • memory/1720-84-0x000007FEFAC50000-0x000007FEFAC84000-memory.dmp
    Filesize

    208KB

    Download
  • memory/1720-85-0x000007FEF6010000-0x000007FEF62C4000-memory.dmp
    Filesize

    2.7MB

    Download
  • memory/1720-86-0x000007FEFB000000-0x000007FEFB018000-memory.dmp
    Filesize

    96KB

    Download
  • memory/1720-87-0x000007FEFAC30000-0x000007FEFAC47000-memory.dmp
    Filesize

    92KB

    Download
  • memory/1720-88-0x000007FEFABE0000-0x000007FEFABF1000-memory.dmp
    Filesize

    68KB

    Download
  • memory/1720-89-0x000007FEFABC0000-0x000007FEFABD7000-memory.dmp
    Filesize

    92KB

    Download
  • memory/1720-90-0x000007FEFABA0000-0x000007FEFABB1000-memory.dmp
    Filesize

    68KB

    Download
  • memory/1720-91-0x000007FEFAB80000-0x000007FEFAB9D000-memory.dmp
    Filesize

    116KB

    Download
  • memory/1720-92-0x000007FEFAB60000-0x000007FEFAB71000-memory.dmp
    Filesize

    68KB

    Download
  • memory/1720-93-0x000007FEF4E70000-0x000007FEF5F1B000-memory.dmp
    Filesize

    16.7MB

    Download
  • memory/1720-94-0x000007FEF4C70000-0x000007FEF4E70000-memory.dmp
    Filesize

    2.0MB

    Download
  • memory/1720-95-0x000007FEFA970000-0x000007FEFA9AF000-memory.dmp
    Filesize

    252KB

    Download
  • memory/1720-96-0x000007FEFA940000-0x000007FEFA961000-memory.dmp
    Filesize

    132KB

    Download
  • memory/1720-97-0x000007FEF6590000-0x000007FEF65A8000-memory.dmp
    Filesize

    96KB

    Download
  • memory/1720-98-0x000007FEF6570000-0x000007FEF6581000-memory.dmp
    Filesize

    68KB

    Download
  • memory/1720-99-0x000007FEF6550000-0x000007FEF6561000-memory.dmp
    Filesize

    68KB

    Download
  • memory/1720-100-0x000007FEF6530000-0x000007FEF6541000-memory.dmp
    Filesize

    68KB

    Download
  • memory/1720-101-0x000007FEF6510000-0x000007FEF652B000-memory.dmp
    Filesize

    108KB

    Download
  • memory/1720-102-0x000007FEF64F0000-0x000007FEF6501000-memory.dmp
    Filesize

    68KB

    Download
  • memory/1720-103-0x000007FEF64D0000-0x000007FEF64E8000-memory.dmp
    Filesize

    96KB

    Download
  • memory/1720-104-0x000007FEF64A0000-0x000007FEF64D0000-memory.dmp
    Filesize

    192KB

    Download
  • memory/1720-105-0x000007FEF6430000-0x000007FEF6497000-memory.dmp
    Filesize

    412KB

    Download
  • memory/1720-106-0x000007FEF4C00000-0x000007FEF4C6F000-memory.dmp
    Filesize

    444KB

    Download
  • memory/1720-107-0x000007FEF63F0000-0x000007FEF6401000-memory.dmp
    Filesize

    68KB

    Download
  • memory/1720-109-0x000007FEF5FE0000-0x000007FEF6008000-memory.dmp
    Filesize

    160KB

    Download
  • memory/1720-112-0x000007FEF49E0000-0x000007FEF4A03000-memory.dmp
    Filesize

    140KB

    Download
  • memory/1720-113-0x000007FEF49C0000-0x000007FEF49D1000-memory.dmp
    Filesize

    68KB

    Download
  • memory/1720-111-0x000007FEF4AB0000-0x000007FEF4AC7000-memory.dmp
    Filesize

    92KB

    Download
  • memory/1720-110-0x000007FEF5F70000-0x000007FEF5F94000-memory.dmp
    Filesize

    144KB

    Download
  • memory/1720-114-0x000007FEF4930000-0x000007FEF4942000-memory.dmp
    Filesize

    72KB

    Download
  • memory/1720-108-0x000007FEF4BA0000-0x000007FEF4BF6000-memory.dmp
    Filesize

    344KB

    Download
  • memory/1720-115-0x000007FEF4900000-0x000007FEF4921000-memory.dmp
    Filesize

    132KB

    Download
  • memory/1720-116-0x000007FEF48E0000-0x000007FEF48F3000-memory.dmp
    Filesize

    76KB

    Download
  • memory/1720-117-0x000007FEF48C0000-0x000007FEF48D2000-memory.dmp
    Filesize

    72KB

    Download
  • memory/1720-118-0x000007FEF4780000-0x000007FEF48BB000-memory.dmp
    Filesize

    1.2MB

    Download
  • memory/1720-119-0x000007FEF42E0000-0x000007FEF430C000-memory.dmp
    Filesize

    176KB

    Download
  • memory/1720-120-0x000007FEF4120000-0x000007FEF42D2000-memory.dmp
    Filesize

    1.7MB

    Download
  • memory/1720-121-0x000007FEF3F80000-0x000007FEF3FDC000-memory.dmp
    Filesize

    368KB

    Download
  • memory/1720-122-0x000007FEF3F60000-0x000007FEF3F71000-memory.dmp
    Filesize

    68KB

    Download
  • memory/1720-123-0x000007FEF3EC0000-0x000007FEF3F57000-memory.dmp
    Filesize

    604KB

    Download
  • memory/1720-124-0x000007FEF3C70000-0x000007FEF3C82000-memory.dmp
    Filesize

    72KB

    Download
  • memory/1720-125-0x000007FEF3A30000-0x000007FEF3C61000-memory.dmp
    Filesize

    2.2MB

    Download
  • memory/1720-126-0x000007FEF3420000-0x000007FEF3532000-memory.dmp
    Filesize

    1.1MB

    Download
  • memory/1720-127-0x000007FEF33A0000-0x000007FEF33D5000-memory.dmp
    Filesize

    212KB

    Download
  • memory/1720-128-0x000007FEF3350000-0x000007FEF3375000-memory.dmp
    Filesize

    148KB

    Download
  • memory/1720-129-0x000007FEF3330000-0x000007FEF3341000-memory.dmp
    Filesize

    68KB

    Download
  • memory/1720-130-0x000007FEF32C0000-0x000007FEF3321000-memory.dmp
    Filesize

    388KB

    Download
  • memory/1720-131-0x000007FEF32A0000-0x000007FEF32B1000-memory.dmp
    Filesize

    68KB

    Download
  • memory/1720-132-0x000007FEF3280000-0x000007FEF3292000-memory.dmp
    Filesize

    72KB

    Download
  • memory/1720-133-0x000007FEF3260000-0x000007FEF3273000-memory.dmp
    Filesize

    76KB

    Download
  • memory/1720-134-0x000007FEF31C0000-0x000007FEF325F000-memory.dmp
    Filesize

    636KB

    Download
  • memory/1720-135-0x000007FEF31A0000-0x000007FEF31B1000-memory.dmp
    Filesize

    68KB

    Download
  • memory/1720-136-0x000007FEF3090000-0x000007FEF3192000-memory.dmp
    Filesize

    1.0MB

    Download
  • memory/1720-137-0x000007FEF3070000-0x000007FEF3081000-memory.dmp
    Filesize

    68KB

    Download
  • memory/1720-138-0x000007FEF3050000-0x000007FEF3061000-memory.dmp
    Filesize

    68KB

    Download
  • memory/1720-139-0x000007FEF3030000-0x000007FEF3041000-memory.dmp
    Filesize

    68KB

    Download
  • memory/1720-140-0x000007FEF3010000-0x000007FEF3022000-memory.dmp
    Filesize

    72KB

    Download
  • memory/1720-141-0x000007FEF2FF0000-0x000007FEF3008000-memory.dmp
    Filesize

    96KB

    Download
  • memory/1720-142-0x000007FEF2FD0000-0x000007FEF2FE6000-memory.dmp
    Filesize

    88KB

    Download
  • memory/1720-144-0x000007FEF2F80000-0x000007FEF2F92000-memory.dmp
    Filesize

    72KB

    Download
  • memory/1720-145-0x000007FEF2F60000-0x000007FEF2F71000-memory.dmp
    Filesize

    68KB

    Download
  • memory/1720-143-0x000007FEF2FA0000-0x000007FEF2FC9000-memory.dmp
    Filesize

    164KB

    Download
  • memory/1720-146-0x000007FEF2F40000-0x000007FEF2F51000-memory.dmp
    Filesize

    68KB

    Download