96349b4ca999a16f0e3b2159c41d25685e3dca999322b3a29b25369a24f63ed1 | Triage

Submit
Reports

Overview

overview

9

Static

static

7

config.json

windows7-x64

3

config.json

windows10-2004-x64

3

modest-menu.exe

windows7-x64

modest-menu.exe

windows10-2004-x64

9

scripts/Readme.api

windows7-x64

3

scripts/Readme.api

windows10-2004-x64

3

scripts/demo.lua

windows7-x64

3

scripts/demo.lua

windows10-2004-x64

3

scripts/si...xample

windows7-x64

3

scripts/si...xample

windows10-2004-x64

3

scripts/vehicle.lua

windows7-x64

3

scripts/vehicle.lua

windows10-2004-x64

3

scripts/weapon.lua

windows7-x64

3

scripts/weapon.lua

windows10-2004-x64

3

themes.json

windows7-x64

3

themes.json

windows10-2004-x64

3

Analysis

max time kernel
62s
max time network
84s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
30-03-2023 16:42

Sharing

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

config.json

Resource

win7-20230220-en

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral2

Sample

config.json

Resource

win10v2004-20230220-en

windows10-2004-x64

3 signatures

150 seconds

Behavioral task

behavioral3

Sample

modest-menu.exe

Resource

win7-20230220-en

evasion themida trojan

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral4

Sample

modest-menu.exe

Resource

win10v2004-20230221-en

evasion themida trojan

windows10-2004-x64

6 signatures

150 seconds

Behavioral task

behavioral5

Sample

scripts/Readme.api

Resource

win7-20230220-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral6

Sample

scripts/Readme.api

Resource

win10v2004-20230220-en

windows10-2004-x64

1 signatures

150 seconds

Behavioral task

behavioral7

Sample

scripts/demo.lua

Resource

win7-20230220-en

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral8

Sample

scripts/demo.lua

Resource

win10v2004-20230220-en

windows10-2004-x64

3 signatures

150 seconds

Behavioral task

behavioral9

Sample

scripts/sirius.lua.example

Resource

win7-20230220-en

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral10

Sample

scripts/sirius.lua.example

Resource

win10v2004-20230220-en

windows10-2004-x64

3 signatures

150 seconds

Behavioral task

behavioral11

Sample

scripts/vehicle.lua

Resource

win7-20230220-en

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral12

Sample

scripts/vehicle.lua

Resource

win10v2004-20230220-en

windows10-2004-x64

3 signatures

150 seconds

Behavioral task

behavioral13

Sample

scripts/weapon.lua

Resource

win7-20230220-en

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral14

Sample

scripts/weapon.lua

Resource

win10v2004-20230220-en

windows10-2004-x64

3 signatures

150 seconds

Behavioral task

behavioral15

Sample

themes.json

Resource

win7-20230220-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral16

Sample

themes.json

Resource

win10v2004-20230220-en

windows10-2004-x64

3 signatures

150 seconds

Report Analysis Logs

General

Target

scripts/Readme.api
Size

23KB
MD5

81d73b30efaeb4907745fbb45a3c56e7
SHA1

5d4fabd8f657fa5e8165728ab9d5ea88f771c36b
SHA256

28806ebf17205b6dcadb10bd3899e283660efdd27b9445c807646b126b96985b
SHA512

3f1442e18c0f16db649e20fb9f842a78784ab0f6cd07a5d21469c85f476290bfc89982e763859f10f23212e0bbd4686f41521d79151e71db00c63251bd0989fa
SSDEEP

192:qNzcKv05Feq0hHBjzCpGjem0fieGiAvj2GlbWXxX5IS+wwSgU0FXxZujFS+Jrkrs:n5ChMGjemhZWXxX5MO0FrujPJriOiK

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Processes

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\scripts\Readme.api
1⤵
PID:2152

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

© 2018-2024

Terms | Privacy