Analysis
-
max time kernel
59s -
max time network
130s -
platform
windows10-2004_x64 -
resource
win10v2004-20230220-en -
resource tags
-
submitted
03-04-2023 04:07
General
-
Target
Modules/credentials.json
-
Size
701B
-
MD5
f9bddb298baa4dfb77c350cbeedd7320
-
SHA1
bee1870a3350f27afdffa141c606c7037807c094
-
SHA256
fdffeef363d6d338b67aa1a5c7cb7febeaf91da3805dc76ad71cc20720ce4252
-
SHA512
1599097bfd6718890a5dcb64e58121733f1148f4af55e5c0fbf06964f590280879cc60d24cd5fa31cc61fa1edc3f71198471f36af38f04fb4053dde43d9702f7
Score
3/10
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Modifies registry class 2 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\Modules\credentials.json1⤵
- Modifies registry class
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx