12f1dca7a4f486e088a3e470b0e1ed37df4bf26af311b4a6257e6d61c480cceb

Resubmissions

02/04/2023, 13:07

230402-qcynnagd77 7

02/04/2023, 13:05

230402-qbzvbshg3s 7

Analysis

max time kernel
61s
max time network
105s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
02/04/2023, 13:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a/xk.class
Size

1KB
MD5

65b6208334ba1ea1f270601e7579820d
SHA1

1f86d66d3e989a11d3aa73bed3ffd014b361b7ef
SHA256

c8850f0bfc43c3e52526083c38cb9723419d0aae1a889a5a4210243e7921a2bf
SHA512

d17e91eb95eb867e77772e7048b30dd9f3ed642daf3e2a586e85de29c437e5084c03ae3430a13c9d82312ce8fbb0df78ad356bcecbfbb4553a949c84e51a0b1e

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings	cmd.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4300	OpenWith.exe

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\a\xk.class
1⤵
- Modifies registry class
PID:1936

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4300

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads