Overview
overview
10Static
static
10Innovatoz/...oz.bat
windows7-x64
10Innovatoz/...oz.bat
windows10-2004-x64
1Innovatoz/menu.py
windows7-x64
3Innovatoz/menu.py
windows10-2004-x64
3Innovatoz/menu2.py
windows7-x64
3Innovatoz/menu2.py
windows10-2004-x64
3Innovatoz/menu3.py
windows7-x64
3Innovatoz/menu3.py
windows10-2004-x64
3Innovatoz/...de.exe
windows7-x64
7Innovatoz/...de.exe
windows10-2004-x64
7Innovatoz/...in.bat
windows7-x64
1Innovatoz/...in.bat
windows10-2004-x64
3Innovatoz/...es.exe
windows7-x64
7Innovatoz/...es.exe
windows10-2004-x64
7Innovatoz/...es.exe
windows7-x64
7Innovatoz/...es.exe
windows10-2004-x64
7Innovatoz/...gs.exe
windows7-x64
10Innovatoz/...gs.exe
windows10-2004-x64
10Innovatoz/runner.bat
windows7-x64
10Innovatoz/runner.bat
windows10-2004-x64
10Analysis
-
max time kernel
273s -
max time network
34s -
platform
windows7_x64 -
resource
win7-20230220-en -
resource tags
arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system -
submitted
31-03-2023 19:47
Behavioral task
behavioral1
Sample
Innovatoz/Innovatoz.bat
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
Innovatoz/Innovatoz.bat
Resource
win10v2004-20230220-en
Behavioral task
behavioral3
Sample
Innovatoz/menu.py
Resource
win7-20230220-en
Behavioral task
behavioral4
Sample
Innovatoz/menu.py
Resource
win10v2004-20230220-en
Behavioral task
behavioral5
Sample
Innovatoz/menu2.py
Resource
win7-20230220-en
Behavioral task
behavioral6
Sample
Innovatoz/menu2.py
Resource
win10v2004-20230220-en
Behavioral task
behavioral7
Sample
Innovatoz/menu3.py
Resource
win7-20230220-en
Behavioral task
behavioral8
Sample
Innovatoz/menu3.py
Resource
win10v2004-20230220-en
Behavioral task
behavioral9
Sample
Innovatoz/ressources/code.exe
Resource
win7-20230220-en
Behavioral task
behavioral10
Sample
Innovatoz/ressources/code.exe
Resource
win10v2004-20230220-en
Behavioral task
behavioral11
Sample
Innovatoz/ressources/explain.bat
Resource
win7-20230220-en
Behavioral task
behavioral12
Sample
Innovatoz/ressources/explain.bat
Resource
win10v2004-20230220-en
Behavioral task
behavioral13
Sample
Innovatoz/ressources/properties.exe
Resource
win7-20230220-en
Behavioral task
behavioral14
Sample
Innovatoz/ressources/properties.exe
Resource
win10v2004-20230220-en
Behavioral task
behavioral15
Sample
Innovatoz/ressources/ressources.exe
Resource
win7-20230220-en
Behavioral task
behavioral16
Sample
Innovatoz/ressources/ressources.exe
Resource
win10v2004-20230220-en
Behavioral task
behavioral17
Sample
Innovatoz/ressources/settings.exe
Resource
win7-20230220-en
Behavioral task
behavioral18
Sample
Innovatoz/ressources/settings.exe
Resource
win10v2004-20230220-en
Behavioral task
behavioral19
Sample
Innovatoz/runner.bat
Resource
win7-20230220-en
Behavioral task
behavioral20
Sample
Innovatoz/runner.bat
Resource
win10v2004-20230220-en
General
-
Target
Innovatoz/menu2.py
-
Size
194B
-
MD5
29843c0eb23d2985ff5a201de3aa45c9
-
SHA1
7bd0922bfee51ade260a93310c4ad6b2ed7fa50c
-
SHA256
baf89706c17b8f63a81d8fb52a1a3b4e9fa2c76715ecff5d70985fac4a2a8964
-
SHA512
693ea9db688d4375e2bd410f82d1f5ecefe9ca1c44ee030c00fe66b083ac9a1aed47eec550c0f59686b725e304bdfc7ee654f48f52427f3c606405833ce4a505
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Modifies registry class 10 IoCs
Processes:
rundll32.exedescription ioc process Key created \REGISTRY\USER\S-1-5-21-2647223082-2067913677-935928954-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\MuiCache rundll32.exe Key created \REGISTRY\USER\S-1-5-21-2647223082-2067913677-935928954-1000_CLASSES\py_auto_file rundll32.exe Key created \REGISTRY\USER\S-1-5-21-2647223082-2067913677-935928954-1000_CLASSES\.py rundll32.exe Set value (str) \REGISTRY\USER\S-1-5-21-2647223082-2067913677-935928954-1000_CLASSES\.py\ = "py_auto_file" rundll32.exe Key created \REGISTRY\USER\S-1-5-21-2647223082-2067913677-935928954-1000_CLASSES\py_auto_file\shell rundll32.exe Key created \REGISTRY\USER\S-1-5-21-2647223082-2067913677-935928954-1000_Classes\Local Settings rundll32.exe Set value (str) \REGISTRY\USER\S-1-5-21-2647223082-2067913677-935928954-1000_CLASSES\py_auto_file\ rundll32.exe Key created \REGISTRY\USER\S-1-5-21-2647223082-2067913677-935928954-1000_CLASSES\py_auto_file\shell\Read rundll32.exe Key created \REGISTRY\USER\S-1-5-21-2647223082-2067913677-935928954-1000_CLASSES\py_auto_file\shell\Read\command rundll32.exe Set value (str) \REGISTRY\USER\S-1-5-21-2647223082-2067913677-935928954-1000_CLASSES\py_auto_file\shell\Read\command\ = "\"C:\\Program Files (x86)\\Adobe\\Reader 9.0\\Reader\\AcroRd32.exe\" \"%1\"" rundll32.exe -
Suspicious use of SetWindowsHookEx 3 IoCs
Processes:
AcroRd32.exepid process 868 AcroRd32.exe 868 AcroRd32.exe 868 AcroRd32.exe -
Suspicious use of WriteProcessMemory 7 IoCs
Processes:
cmd.exerundll32.exedescription pid process target process PID 1324 wrote to memory of 1656 1324 cmd.exe rundll32.exe PID 1324 wrote to memory of 1656 1324 cmd.exe rundll32.exe PID 1324 wrote to memory of 1656 1324 cmd.exe rundll32.exe PID 1656 wrote to memory of 868 1656 rundll32.exe AcroRd32.exe PID 1656 wrote to memory of 868 1656 rundll32.exe AcroRd32.exe PID 1656 wrote to memory of 868 1656 rundll32.exe AcroRd32.exe PID 1656 wrote to memory of 868 1656 rundll32.exe AcroRd32.exe
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\Innovatoz\menu2.py1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Innovatoz\menu2.py2⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Innovatoz\menu2.py"3⤵
- Suspicious use of SetWindowsHookEx