Overview

overview

10

Static

static

1

RFQ for su...89.rar

windows7-x64

3

RFQ for su...89.rar

windows10-2004-x64

3

RFQ for su...89.exe

windows7-x64

1

RFQ for su...89.exe

windows10-2004-x64

10

Resubmissions

17-04-2023 16:19

230417-tsqjrsfb33 10

17-04-2023 16:08

230417-tk6wsagg5s 10

17-04-2023 15:53

230417-tbt6magg2s 10

17-04-2023 15:30

230417-sxwqxage9v 10

Analysis

  • max time kernel
    140s
  • max time network
    34s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    17-04-2023 15:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    RFQ for supply of Stock Replenishment FI-2023-089.rar

  • Size

    768KB

  • MD5

    49f8a8d16bdd4d2af2be3a79d7b213a4

  • SHA1

    1401ce8fc3f0d28d4ef74cc5e9942ceeb14478f9

  • SHA256

    2408a41dc207fa367704b1f16372fedfa2c4163f65daf436d6f8ae2490b9aff6

  • SHA512

    ffec50f37556a1e98695b8bd268d9f1f174431ed703894aae3dbc3cdaf79c2c5015c792f87e2175843601989085c869f540c01be1cc65a3ab593aa0d37cde748

  • SSDEEP

    24576:ZBkU9NFUst/kzT0fW8yzFQP4Yq8BzNSDtiBRP9o4xTQFuHj:ZG8NftST0fWZzFQAYF0iBfo4QMD

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies registry class 2 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 28 IoCs
  • Suspicious use of SendNotifyMessage 27 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\RFQ for supply of Stock Replenishment FI-2023-089.rar"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1384
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\RFQ for supply of Stock Replenishment FI-2023-089.rar
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:1864
      • C:\Program Files\VideoLAN\VLC\vlc.exe
        "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\RFQ for supply of Stock Replenishment FI-2023-089.rar"
        3⤵
        • Suspicious behavior: AddClipboardFormatListener
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of SetWindowsHookEx
        PID:1308

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini
    Filesize

    138B

    MD5

    209b899b644247c57cc07153ea4eb246

    SHA1

    acacc24c0bd9118db8a8e37a48a290d3a26153fc

    SHA256

    00dda17490976d977890ff4b118f2d8e632e3c79aa2b07b889351aabd5365e7f

    SHA512

    5952ee398cf0992740464fe822ee84c83931594ea2edcb10df58345dca2c6e4d3f8d6f3757380dfcecff04340f80580b547c682ed5013c79d733019cc5c2e7b4

    Download Submit

  • memory/1308-78-0x000000013F5E0000-0x000000013F6D8000-memory.dmp

    Filesize

    992KB

    Download

  • memory/1308-79-0x000007FEFB220000-0x000007FEFB254000-memory.dmp

    Filesize

    208KB

    Download

  • memory/1308-80-0x000007FEF68C0000-0x000007FEF6B74000-memory.dmp

    Filesize

    2.7MB

    Download

  • memory/1308-81-0x000007FEFBBB0000-0x000007FEFBBC8000-memory.dmp

    Filesize

    96KB

    Download

  • memory/1308-82-0x000007FEFAC90000-0x000007FEFACA7000-memory.dmp

    Filesize

    92KB

    Download

  • memory/1308-83-0x000007FEFAC70000-0x000007FEFAC81000-memory.dmp

    Filesize

    68KB

    Download

  • memory/1308-84-0x000007FEFAC50000-0x000007FEFAC67000-memory.dmp

    Filesize

    92KB

    Download

  • memory/1308-85-0x000007FEFAC30000-0x000007FEFAC41000-memory.dmp

    Filesize

    68KB

    Download

  • memory/1308-86-0x000007FEFAC10000-0x000007FEFAC2D000-memory.dmp

    Filesize

    116KB

    Download

  • memory/1308-87-0x000007FEFABF0000-0x000007FEFAC01000-memory.dmp

    Filesize

    68KB

    Download

  • memory/1308-88-0x000007FEF5720000-0x000007FEF67CB000-memory.dmp

    Filesize

    16.7MB

    Download

  • memory/1308-89-0x000007FEF5520000-0x000007FEF5720000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/1308-90-0x000007FEFABB0000-0x000007FEFABEF000-memory.dmp

    Filesize

    252KB

    Download

  • memory/1308-91-0x000007FEF7300000-0x000007FEF7321000-memory.dmp

    Filesize

    132KB

    Download

  • memory/1308-94-0x000007FEFAB90000-0x000007FEFABA8000-memory.dmp

    Filesize

    96KB

    Download

  • memory/1308-95-0x000007FEF72E0000-0x000007FEF72F1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/1308-96-0x000007FEF72C0000-0x000007FEF72D1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/1308-97-0x000007FEF6D10000-0x000007FEF6D21000-memory.dmp

    Filesize

    68KB

    Download

  • memory/1308-98-0x000007FEF6CF0000-0x000007FEF6D0B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/1308-99-0x000007FEF6CD0000-0x000007FEF6CE1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/1308-100-0x000007FEF6CB0000-0x000007FEF6CC8000-memory.dmp

    Filesize

    96KB

    Download

  • memory/1308-101-0x000007FEF6890000-0x000007FEF68C0000-memory.dmp

    Filesize

    192KB

    Download

  • memory/1308-102-0x000007FEF54B0000-0x000007FEF5517000-memory.dmp

    Filesize

    412KB

    Download

  • memory/1308-103-0x000007FEF5440000-0x000007FEF54AF000-memory.dmp

    Filesize

    444KB

    Download

  • memory/1308-105-0x000007FEF53E0000-0x000007FEF5436000-memory.dmp

    Filesize

    344KB

    Download

  • memory/1308-104-0x000007FEF6870000-0x000007FEF6881000-memory.dmp

    Filesize

    68KB

    Download

  • memory/1308-106-0x000007FEF6840000-0x000007FEF6868000-memory.dmp

    Filesize

    160KB

    Download

  • memory/1308-107-0x000007FEF53B0000-0x000007FEF53D4000-memory.dmp

    Filesize

    144KB

    Download

  • memory/1308-108-0x000007FEF5390000-0x000007FEF53A7000-memory.dmp

    Filesize

    92KB

    Download

  • memory/1308-109-0x000007FEF5360000-0x000007FEF5383000-memory.dmp

    Filesize

    140KB

    Download

  • memory/1308-110-0x000007FEF5340000-0x000007FEF5351000-memory.dmp

    Filesize

    68KB

    Download

  • memory/1308-111-0x000007FEF5320000-0x000007FEF5332000-memory.dmp

    Filesize

    72KB

    Download

  • memory/1308-112-0x000007FEF52F0000-0x000007FEF5311000-memory.dmp

    Filesize

    132KB

    Download

  • memory/1308-113-0x000007FEF52D0000-0x000007FEF52E3000-memory.dmp

    Filesize

    76KB

    Download

  • memory/1308-114-0x000007FEF52B0000-0x000007FEF52C2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/1308-115-0x000007FEF5070000-0x000007FEF51AB000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/1308-116-0x000007FEF5280000-0x000007FEF52AC000-memory.dmp

    Filesize

    176KB

    Download

  • memory/1308-117-0x000007FEF4EB0000-0x000007FEF5062000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/1308-118-0x000007FEF5220000-0x000007FEF527C000-memory.dmp

    Filesize

    368KB

    Download

  • memory/1308-119-0x000007FEF5200000-0x000007FEF5211000-memory.dmp

    Filesize

    68KB

    Download

  • memory/1308-120-0x000007FEF4D40000-0x000007FEF4DD7000-memory.dmp

    Filesize

    604KB

    Download

  • memory/1308-121-0x000007FEF51E0000-0x000007FEF51F2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/1308-122-0x000007FEF4B00000-0x000007FEF4D31000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/1308-123-0x000007FEF4940000-0x000007FEF4A52000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1308-124-0x000007FEF4900000-0x000007FEF4935000-memory.dmp

    Filesize

    212KB

    Download

  • memory/1308-125-0x000007FEF4860000-0x000007FEF4885000-memory.dmp

    Filesize

    148KB

    Download

  • memory/1308-126-0x000007FEF4840000-0x000007FEF4851000-memory.dmp

    Filesize

    68KB

    Download

  • memory/1308-127-0x000007FEF47D0000-0x000007FEF4831000-memory.dmp

    Filesize

    388KB

    Download

  • memory/1308-128-0x000007FEF47B0000-0x000007FEF47C1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/1308-129-0x000007FEF4650000-0x000007FEF4662000-memory.dmp

    Filesize

    72KB

    Download

  • memory/1308-130-0x000007FEF4630000-0x000007FEF4643000-memory.dmp

    Filesize

    76KB

    Download

  • memory/1308-131-0x000007FEF4590000-0x000007FEF462F000-memory.dmp

    Filesize

    636KB

    Download

  • memory/1308-132-0x000007FEF4100000-0x000007FEF4111000-memory.dmp

    Filesize

    68KB

    Download

  • memory/1308-133-0x000007FEF3FF0000-0x000007FEF40F2000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/1308-134-0x000007FEF3FD0000-0x000007FEF3FE1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/1308-135-0x000007FEF3FB0000-0x000007FEF3FC1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/1308-136-0x000007FEF3D40000-0x000007FEF3D51000-memory.dmp

    Filesize

    68KB

    Download

  • memory/1308-137-0x000007FEF3D20000-0x000007FEF3D32000-memory.dmp

    Filesize

    72KB

    Download

  • memory/1308-138-0x000007FEF3D00000-0x000007FEF3D18000-memory.dmp

    Filesize

    96KB

    Download

  • memory/1308-139-0x000007FEF3CE0000-0x000007FEF3CF6000-memory.dmp

    Filesize

    88KB

    Download

  • memory/1308-140-0x000007FEF3CB0000-0x000007FEF3CD9000-memory.dmp

    Filesize

    164KB

    Download

  • memory/1308-141-0x000007FEF3C90000-0x000007FEF3CA2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/1308-142-0x000007FEF3C70000-0x000007FEF3C81000-memory.dmp

    Filesize

    68KB

    Download

  • memory/1308-143-0x000007FEF3C50000-0x000007FEF3C61000-memory.dmp

    Filesize

    68KB

    Download