Overview

overview

7

Static

static

1

cpuz.ini

windows7-x64

5

cpuz.ini

windows10-2004-x64

5

cpuz_x64.exe

windows7-x64

6

cpuz_x64.exe

windows10-2004-x64

7

Resubmissions

06-04-2023 01:50

230406-b9gzvacg41 7

06-04-2023 01:46

230406-b6yhesag32 1

06-04-2023 01:43

230406-b5fafscg21 7

Analysis

  • max time kernel
    217s
  • max time network
    31s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    06-04-2023 01:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    cpuz.ini

  • Size

    528B

  • MD5

    4b4a459f630652c3e7012d0ea865e297

  • SHA1

    2c1354a2b2d91aa2e8ebca9d5f504dd0ef557236

  • SHA256

    125d85b819da20e776a417b58b44126bac3b1150fb993009d879de869fd79497

  • SHA512

    63791d1947335fd7db9b661a0a72306643986506f0e6165b8d10d5440596da4b5925ddc8f5f35bf4f882692b06a3b16ddf65dfc6e21c964bbd6237822cfefbfa

Score
5/10

Malware Config

Signatures

  • Drops file in System32 directory 2 IoCs
  • Enumerates system info in registry 2 TTPs 32 IoCs
  • Modifies data under HKEY_USERS 46 IoCs
  • Opens file in notepad (likely ransom note) 1 IoCs
    ransomware
  • Suspicious behavior: EnumeratesProcesses 25 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 17 IoCs
  • Suspicious use of FindShellTrayWindow 32 IoCs
  • Suspicious use of SendNotifyMessage 32 IoCs
  • Suspicious use of WriteProcessMemory 21 IoCs

Processes

  • C:\Windows\system32\NOTEPAD.EXE
    C:\Windows\system32\NOTEPAD.EXE C:\Users\Admin\AppData\Local\Temp\cpuz.ini
    1⤵
    • Opens file in notepad (likely ransom note)
    PID:1744
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x190
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:1084
  • C:\Windows\system32\taskmgr.exe
    "C:\Windows\system32\taskmgr.exe" /4
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:800
  • C:\Windows\system32\Dwm.exe
    "C:\Windows\system32\Dwm.exe"
    1⤵
      PID:1756
    • C:\Windows\system32\csrss.exe
      %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
      1⤵
      • Enumerates system info in registry
      • Suspicious use of WriteProcessMemory
      PID:1608
    • C:\Windows\system32\winlogon.exe
      winlogon.exe
      1⤵
      • Modifies data under HKEY_USERS
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:1340
      • C:\Windows\system32\LogonUI.exe
        "LogonUI.exe" /flags:0x0
        2⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:1788
      • C:\Windows\system32\utilman.exe
        utilman.exe /debug
        2⤵
        • Drops file in System32 directory
        • Modifies data under HKEY_USERS
        • Suspicious behavior: EnumeratesProcesses
        PID:1072
    • C:\Windows\SysWOW64\DllHost.exe
      C:\Windows\SysWOW64\DllHost.exe /Processid:{3F6B5E16-092A-41ED-930B-0B4125D91D4E}
      1⤵
        PID:1864

      Network

      MITRE ATT&CK Enterprise v6

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\Desktop\BlockInstall.png
        Filesize

        638KB

        MD5

        884e0a959929273fdc375cfa847ac78c

        SHA1

        2ab326c97e22be6f37df8ccc1a5546dcb7423637

        SHA256

        cbbe7c91d027c5dd778a33bbe279188b3e81cbdccfcc3676c4bba269bc6cdc83

        SHA512

        ccd0c66dd7ee8b5956c184bad446154d5af0ac8750934b8fd4d5f9b01719c1ac377a5d0033590d545f512032118507f53ed5ebdee70475ec01ddcc0121b27e00

        Download Submit
      • C:\Users\Admin\Desktop\BlockUninstall.midi
        Filesize

        731KB

        MD5

        b9be2a05601b32dbf378b7fe40284a50

        SHA1

        948635158b4ad97075fe2aa151f57dadfb7519d0

        SHA256

        c11af39612c45aba28ac41be2bc912c4a10a35a25a63379bbbaf97ac9c4a16b6

        SHA512

        6abd589bba189fcc3f7fcc83cfb2fe493ee5842b14bc9bead7300bd42de666d9e811fa8914d4f6831dd6bc39b028d797ee27d41e7cff63b26f577ca2266c58b7

        Download Submit
      • C:\Users\Admin\Desktop\CheckpointOut.doc
        Filesize

        499KB

        MD5

        80d6af72edf6fa31804b451cbc774e62

        SHA1

        d222ba8839ffeff9ef9286305844dff9491d73dd

        SHA256

        0dbdf790221f8ecad9bd8d1c1b03f233aedfbe3dfdb65209116e1b3a245639d4

        SHA512

        8deacf5989c7f57bacb399925ab672c51bf1d992f47b15496c99889f829e4a549e0b0b0ac958d5dce12948b69850d014feb7747083baa660d6e73842e9ca01b6

        Download Submit
      • C:\Users\Admin\Desktop\ClearCompress.mht
        Filesize

        685KB

        MD5

        a3b7006ff3f7a0aa6ccf6e53afc4730a

        SHA1

        73727fcb7c2c405ce02381814f4c1212f4b8a14a

        SHA256

        96d5df8ada260a7f7322e8266a483971d2b717d92b720b8116933243dcca851e

        SHA512

        a597cd674d3c0eabb824e29dd88de0678c0aed30ee2fe2bbfeead488114596cab3522ecfe24021097eaccc4b8e1e58589b180e17363dd621b70e0b3daab33eb7

        Download Submit
      • C:\Users\Admin\Desktop\ConvertSkip.m1v
        Filesize

        383KB

        MD5

        de07e64dae1c1d9114da235fcc10c9aa

        SHA1

        3d9d1a8a40f9c65fad2ff16a9049f7f020332d9a

        SHA256

        3627fbae424cac49c174b410690867b0d85a19274e1cdfe09ce2dc46cc532fdd

        SHA512

        7f65757ac973c1ba8cc97d0d0584e55be7d8448babef6056207215e1d78a1cd0d1fe50591b09a038d371dc310b101b8bf9df43537c25caf33ce14acf3f11c136

        Download Submit
      • C:\Users\Admin\Desktop\DisableRegister.edrwx
        Filesize

        1.0MB

        MD5

        22fb5d8b39c3bd4a83dd37f3e7990c4a

        SHA1

        513895050e79573ab1936a867e7079ec85e4e979

        SHA256

        57e516bd7cb2c59e207bdb250d91e1ed23290eaaf4143de93eb56b0e32550e6b

        SHA512

        1e3166ceeead4ee227f7cc3d600b57932380680f145d618900755233533d9eea94e2e83f3ce9fd8493977cf8b8f4409b93e4c4cb6054479d30b89d230bfeaf05

        Download Submit
      • C:\Users\Admin\Desktop\EditRemove.html
        Filesize

        754KB

        MD5

        1f5a33b0e087beeb4fc652a7ebb181eb

        SHA1

        fbaadcf6a1a0e369ad48ec997fcda1f51c3e5dac

        SHA256

        da3dd47cd4d69de812a1fb7206eb2f57194eff31584a93b9c45dfa6d376474f6

        SHA512

        9b2461a4e1a9bc862c3e549c338cb03c32713028985b6743be1f02fcfabf04ea02dd09fb8ef2de003f8f95ad4b10499c556b57de21516da909a456e1ddbb7c13

        Download Submit
      • C:\Users\Admin\Desktop\ExportUnregister.mpg
        Filesize

        406KB

        MD5

        1dd5a90f7fbbbef004fde3d4bb29bcb6

        SHA1

        625deb9b396ee6943224ca4e210c22d3456f20af

        SHA256

        6fd8ad5146f1d75decb6b207f19c6e8f2f2f08472fa38caf8df5d74941eec416

        SHA512

        99bd6f4c6a7e5d6b76cd87307e5b836021af7eb499e4b5a9d1a011e46441ac7005d8533482e4ca7f2e6b678f59163f8ab99c7a1181e7f5c9f41de173b9233eda

        Download Submit
      • C:\Users\Admin\Desktop\FindTrace.edrwx
        Filesize

        313KB

        MD5

        9a99c76ccf5eb4e35163a6f0f03ef3f1

        SHA1

        607a60992179296bd3755cbd29b2074fc692202d

        SHA256

        bf0c7fa6d03ff3f2567d9c1834a032d99fd2a2e25b60b8cab4dcd4f0c12eefdc

        SHA512

        84dd93271a7e801ef75aab652ea7e2d0173fe5ddd114cf278fdc99e3b91a7e6c2755ed4a115ad73efddc1545eb6e6685e76bb8d1580d22e6f441234bd59602d7

        Download Submit
      • C:\Users\Admin\Desktop\GroupResolve.rar
        Filesize

        290KB

        MD5

        a1cbc3f28fb0f219d93c5b463264f6d9

        SHA1

        53bf5196e42f23847cdc7e8ce0de8fe3f5de8cde

        SHA256

        46eda992f71b88dab04f5bda9040febac5d7a821162f20a70344f776ecf7cf39

        SHA512

        ddcd75fbfbff9318014a34fe031f4d0f4bf8850d4db7dc6b0dde71a8043eb2f19615c0dd79b0ffbad99575344c287ac00f732117824f6b7e26bb0bfb85d32671

        Download Submit
      • C:\Users\Admin\Desktop\InitializeDisconnect.ADT
        Filesize

        522KB

        MD5

        8bbb86f814c2f798b9b4839e6d0f2beb

        SHA1

        5f0c7762526e34fba266dfc57b16ac6bceec7b91

        SHA256

        2ee7040b3a51b70b45c97b24c9739241cff8fed872accf224b7679ab739ddb24

        SHA512

        e445261091aa9b48df7b09bfc4cb3957d2768089b69dbd5775e8ca3a65c10d4643c957593543f8d26e8b38793f4a4262adafd953a76c3f4abc453c83c084e743

        Download Submit
      • C:\Users\Admin\Desktop\InitializeSelect.zip
        Filesize

        662KB

        MD5

        1b104fff4f35ba875ef32ac24ac7146b

        SHA1

        3f08690f28c3fa058f464532549af404414d37f3

        SHA256

        7600d455277daed86fa18b109c15523b97f24f0a0001e9078aecd0670d8543c0

        SHA512

        214657952f819b59035ddeb5a390854bf0b0886ae5aa6430f3bb80a8d6811cfbeae8b4e7e705bb7922684d7bc33b989951c9591804bd83a9128d704dd3ad896c

        Download Submit
      • C:\Users\Admin\Desktop\MeasureDisconnect.asx
        Filesize

        545KB

        MD5

        0bccb3dafd310fdda84a26d5d89df622

        SHA1

        b2e109a2a5ef3330f8edebc5a1d308549d3f6c81

        SHA256

        bce7df0e9ee695251a37181410a069b66d0cefe163f86498bef3601f1dff4154

        SHA512

        9fc2d31183c92da9d8adbe2c3a7d20f8a58970ff6aae86f32134e587ae0b07452c934ba0267cda8cc8d0c67d697a7ad4fe4074ecca501191ee849093ec01ae18

        Download Submit
      • C:\Users\Admin\Desktop\MoveOut.zip
        Filesize

        360KB

        MD5

        9b97f449fc3d47ac38acca1ee569ab90

        SHA1

        4ad070d998d5e0436a83e9c3a2f4d9bc6431f6de

        SHA256

        d8b764b038b583187d2dbcdcde05a104c14aabd6c6776f77db8905a3730bae4c

        SHA512

        33eb45882c1d78f9a83998105d596d59191bd2f5d3833a6273560e7cac481ac435a9fe98d713e63a0c65d955b67f7fc971ba4ffe58262b9b660141ee08306776

        Download Submit
      • C:\Users\Admin\Desktop\NewJoin.m1v
        Filesize

        615KB

        MD5

        40be13ebefa5a10fe4a08cda328e4ae6

        SHA1

        4edea23c19c0c24575faabcb9b6d99e19ef6ab6a

        SHA256

        3f1d6b47088844302f6c630f2753afb8e30c4af3385c795ea9de7089f5541e52

        SHA512

        5e62f280600f55f50234afe7844c4f2ae0bb8c995cbf1bbd1bb703951b46ffb2a91a4ad2ce9d6f8916761ab1bd1f575096e23a92a2df01829d8776587a6c276c

        Download Submit
      • C:\Users\Admin\Desktop\OutUnblock.js
        Filesize

        708KB

        MD5

        8174a90ae05063227977c0bad3697fb7

        SHA1

        b7fa91651c8a0ad56960983c811aca7532c10d66

        SHA256

        b8e28f54dfc2274020c3ff010cb5e431f69b40b4b41f6668dca83edfb47cae26

        SHA512

        6831c83a69a04c18e95f1ec96618006290c1760b265eeced2f1ec8ca4d5bc01be641522f6591bde713a5184547c5213b10573005cefda24727261ee70d5a6788

        Download Submit
      • C:\Users\Admin\Desktop\ReceiveEdit.otf
        Filesize

        336KB

        MD5

        3b61425062722e2b2191c22199c17de4

        SHA1

        7a337c6343a45dad0a0ff85f00d29e20ebad1d7a

        SHA256

        0e51aa26961355c7f03beeef8374098c0c2f89d5b4a8799bcddcc02270567dd9

        SHA512

        142773f634e83e995722fa63e974514850c1c69163aa83e762183fa1f44542612148293a56717d0365900a064b89006bc2548f6bac758a39b022c380414e3545

        Download Submit
      • C:\Users\Admin\Desktop\RequestSave.jtx
        Filesize

        476KB

        MD5

        38d1d88497e44dd2ff841b68d800f31d

        SHA1

        a580d29f357c1d6d897a8674c4d8a92af1f8f61e

        SHA256

        8882ee773116a8dfed20c2ae3f24ef2fca837f8fc6200cacbb6df304238e2aae

        SHA512

        a98dfbe868a50f27c620ab2740a05db447f9f1bc4abbf27c1a65fda2055a5ffb9ed65e3028f3c246b06d71b9098357073abc3e966baefab0fe5225617b4aeb12

        Download Submit
      • C:\Users\Admin\Desktop\SearchLock.vssm
        Filesize

        452KB

        MD5

        f2677df12ea8d7964e1cd3bf01a06878

        SHA1

        0e7b56a31de0b38a85eb1721d81939b21d400217

        SHA256

        ccd1f2ede48cfa6348fad1579630259a7a311deee061fcea73ae53cb6b7dc685

        SHA512

        1cef8d9cc5f148d1464ffc5f0f149ec64ce5ad5e1f31be718ead290ee58f3278f1c6e66f29c36977036492e704e77b988cb9745c8e3fd28b3cb31f547fe2c188

        Download Submit
      • C:\Users\Admin\Desktop\SetJoin.bmp
        Filesize

        429KB

        MD5

        4b17c0bc6209540634bfc1c5ca50ad3d

        SHA1

        e5eea208bd160ddda8bcf43c20f95b3d96eb22a9

        SHA256

        f107c3d03484c3fcb738121696988200986c8697a02e6b877de96ad6a0588f9d

        SHA512

        51ff64f51c0f3e31e6c3319082ae641751a379a186a1da6e593bb9f866db7cded3c7bda2a934c54c4165ec755bfaabd9fc3f020df2e53300032d12f3ef0e63b9

        Download Submit
      • C:\Users\Admin\Desktop\SplitDismount.xml
        Filesize

        592KB

        MD5

        cf86245aa24b9d568d608cf854a3bbf6

        SHA1

        d333fc2d6a085f7935855a5599bb7a5d46551ce1

        SHA256

        8d59b71b8b2a473ee394ebec968f6f6f451e12e8e053730113a5b447c50223c7

        SHA512

        a94840028dab5344eda29e5ea5bdedae597cd5c9b56388b1d146defbbe5143a5b54801f047a54abc21fcaed8ab5d7905b443b20e9069a30ee84ac9cbb9123444

        Download Submit
      • C:\Users\Admin\Desktop\TestMove.xps
        Filesize

        267KB

        MD5

        3012639c36af961b356a4a34a62f9bb9

        SHA1

        726a33f47236c480c937409a0cff74f7a8acc992

        SHA256

        02453a655dbedf3ebe4c7638166e4d8fb0f4eebafc4bced79362f0fc34b94d28

        SHA512

        72e2ca367ffe361436f8366159d3a07a8901e2efe39242140b2628da0bf3ec51b5abf627366473daed40595171ef48d0eeafd00152aab371e1aad55be6eda236

        Download Submit
      • C:\Users\Admin\Desktop\UnprotectOut.3gpp
        Filesize

        569KB

        MD5

        32cc25731779540127a19d7f73b16eba

        SHA1

        ceca1e2230e595c6dbf9b4dec187420c151a1219

        SHA256

        bd72828f4816c18fc492377d95e5e60e2c8d1b9c1df0d6c73d99c6f10863d583

        SHA512

        2ec02ec4928e76023c344944b060dc3e21ea84839dd78e0e21dfe1a989d7b8296f2daa9ddb07fb2f1af4d065905f1a63d9c96e8368c2bf292a52a0bf35a6d840

        Download Submit
      • C:\Users\Public\Desktop\Adobe Reader 9.lnk
        Filesize

        1KB

        MD5

        4161ab114dbc3c824ecaf4db7e53ebd3

        SHA1

        e459ad047b33fdc70c240939ec8a88c1be747a05

        SHA256

        974da3edd1e840d7c5dba3587643c3663d92584d37f2c9d27c5cb06cdc9a3d5c

        SHA512

        396242e9473e59ab8d28d26cbc48b6bee3b0ac3e4b5bb300bfdaeb0118ab91665a4aa36d3b3244e4295980ac98c2c59b3e8415f18b88864dcc70feebe13c5c06

        Download Submit
      • C:\Users\Public\Desktop\Firefox.lnk
        Filesize

        931B

        MD5

        8eb3b7c5b0a20ded02402d97a68bd6ae

        SHA1

        c9d167b04814f0ea2bd76c3e944a01083e6003b7

        SHA256

        b5d774f09a921053c28ea4650f0cfcdfbac12671264d8f365481d542c477c607

        SHA512

        89515ec433d280311ac34d049bbd3b666586aa448328ac621425edb154cd268fd80ec6d5c92cfb0f9b6c2b62e90fc037b032324cd0f3619676a93d6e9d2ae3d9

        Download Submit
      • C:\Users\Public\Desktop\Google Chrome.lnk
        Filesize

        2KB

        MD5

        4f6eb4436c4d6c0e5eb8b3783783fdcf

        SHA1

        ac02d06b942e839fbd84117c82f3f009435352f5

        SHA256

        82ab5899fba7cb6f7855418f21bfd7688f9abf84d873a2c7df7efa9cfb7a4240

        SHA512

        0d9d24e5586ac3a34913d0d268dbc0ff712b81c9e87988dcdaf9f45b638f54ef75f8c18da19043ce6e7e4d948a518bee5275d72839b93340821d3d8607c14924

        Download Submit
      • C:\Users\Public\Desktop\VLC media player.lnk
        Filesize

        878B

        MD5

        ac91ff3a613e8face112dc7b7432a5f5

        SHA1

        81efea3c4a36037ee5edab6e565d732b208643d0

        SHA256

        365a377b15a15d961055b144eeb46654995f345863841dea82e08f05dec4d073

        SHA512

        1492c5effcd722c5d841d0d79eb322dae5cd9e3b7627baf7b6aa88143d0c3d251aa8a0fd2a4b99e42da57c5cba378b69626adaae52422b5435f0e1783fa33fa9

        Download Submit
      • memory/800-81-0x0000000140000000-0x00000001405E8000-memory.dmp
        Filesize

        5.9MB

        Download
      • memory/800-82-0x0000000140000000-0x00000001405E8000-memory.dmp
        Filesize

        5.9MB

        Download
      • memory/800-83-0x0000000002B00000-0x0000000002B01000-memory.dmp
        Filesize

        4KB

        Download
      • memory/1072-89-0x0000000000820000-0x0000000000821000-memory.dmp
        Filesize

        4KB

        Download
      • memory/1788-84-0x0000000002760000-0x0000000002761000-memory.dmp
        Filesize

        4KB

        Download
      • memory/1788-85-0x0000000002760000-0x0000000002761000-memory.dmp
        Filesize

        4KB

        Download