Analysis
-
max time kernel
96s -
max time network
104s -
platform
windows10-2004_x64 -
resource
win10v2004-20230220-en -
resource tags
-
submitted
13/04/2023, 20:52
General
-
Target
Boost Bot/readme.md
-
Size
2KB
-
MD5
cca7c59fbd77b249b9de0a544db90d11
-
SHA1
e384af9d5785c2e2927e341f9d32ac68930f39ab
-
SHA256
bb077a70921fc881d7aa569625447ebfbf386b918416a46587457cf2907b9da7
-
SHA512
883e692ca2fc1c04c0a836fd257e36fe172e82e667bab2f98cb5625a58c4d4742168448485664cff0f61b3ff44a60fdda31641338eb6fc41d77dc6c5cb67e9ce
Score
3/10
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Modifies registry class 2 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\Boost Bot\readme.md"1⤵
- Modifies registry class
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx