Analysis
max time kernel
31s
max time network
34s
platform
windows7_x64
resource
win7-20230220-en
resource tags
arch:x64 arch:x86 image:win7-20230220-en locale:en-us os:windows7-x64 system
submitted
13-04-2023 23:18
Static task
static1
Behavioral task
behavioral1
Sample
gbapokemonemerald.zip
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
gbapokemonemerald.zip
Resource
win10v2004-20230220-en
Behavioral task
behavioral3
Sample
gbapokemonemerald3.png
Resource
win7-20230220-en
Behavioral task
behavioral4
Sample
gbapokemonemerald3.png
Resource
win10v2004-20230221-en
Behavioral task
behavioral5
Sample
gbapokemonemerald3`Apr | 14 | 01:17 | 2023.gba
Resource
win7-20230220-en
Behavioral task
behavioral6
Sample
gbapokemonemerald3`Apr | 14 | 01:17 | 2023.gba
Resource
win10v2004-20230220-en
General
Target
gbapokemonemerald3.png
Size
53KB
MD5
97779eac0d5095f5781aec8b76753786
SHA1
3d85117a7c1d95cd9969be44d6df43e45654ccdc
SHA256
0d47e2ceab8cb7b2f4d47330eed6b67a2de6fdf08e642f2e8d23d17be7df185a
SHA512
40a684296c8d6a8c57deebd29089c8ec82ce984015e1a9b840939521e99492357f0f1e5f589ea8b7110bc342763034c164b98611e524e316cde170257e1c2c3a
SSDEEP
768:LE5NO/EGDSgFSladcnbGVoBJPJm21SVn3YwkOfjmKzCQVRgcfCJv8FLU6Y:o5Y/EGKlp78218nIwkO7/GQUcq2UR
Malware Config
Signatures
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
Suspicious use of FindShellTrayWindow 1 IoCs
pid: 1808, process: rundll32.exe