Analysis
-
max time kernel
155s -
max time network
34s -
platform
windows7_x64 -
resource
win7-20230220-en -
resource tags
-
submitted
13/04/2023, 08:57
General
-
Target
Expression de Letizia GESBERT SESIA.odg
-
Size
2.1MB
-
MD5
1d300711bd0bb5c942205f2e9c5c1c3d
-
SHA1
14e6bb99b189c62125d13ad4c5a6dcb423160d10
-
SHA256
b411f13d4ab2e8b564683acf97f4ca723ec7c5f3c729475d0951b0e4109039ef
-
SHA512
45cac9b2ba30a0bb11a7db8a13710f4ee0fbfdca9a3905072a80813a947cb6cd31bd4aa6ea4ba64d43ef99973e9fb991c0a4ca3e0dd0fcdbf6d5a7eb5c4c0c0c
-
SSDEEP
49152:+2h8tNoqwYovl7eK03sfcDFuRDBhUaMnnaLBiwXMPGijm:+2+tNo8mqK4IXibkBLXKGN
Score
3/10
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Modifies registry class 9 IoCs
-
Suspicious use of SetWindowsHookEx 3 IoCs
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\Expression de Letizia GESBERT SESIA.odg"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Expression de Letizia GESBERT SESIA.odg2⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Expression de Letizia GESBERT SESIA.odg"3⤵
- Suspicious use of SetWindowsHookEx
-
-