Analysis
-
max time kernel
48s -
max time network
35s -
platform
windows7_x64 -
resource
win7-20230220-es -
resource tags
-
submitted
15-04-2023 23:16
General
-
Target
AutoDesk 3Ds Max.rar
-
Size
891.1MB
-
MD5
8f86a57f85eb4ce56307e3dccb18e15a
-
SHA1
f7ed5fc50246dfbdbb34e9594c964183c18f9c10
-
SHA256
c204b195f1a47ddeb285ed92d9cafe569a96ac476828b375d3e33a228fbce9da
-
SHA512
a153f292ea64b561f2baa5218d8ff34d2948f52a68dea024fb54efc2fffc82aa1c154f2f253e524fba194f0cbd2c71f9b9cfc33212c3d8f5387eff27983997fa
-
SSDEEP
786432:JH7Ctdd4O5V8CZkL6a9yjvk2bg5jwalnLKKrgXEvY8oZEeUBO1PevDwPl10tZJ/P:+GJONIYBdVsyDY
Score
3/10
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Modifies registry class 1 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\AutoDesk 3Ds Max.rar"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\AutoDesk 3Ds Max.rar2⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam