Resubmissions

  • 17-04-2023 16:19    230417-tsqjrsfb33    10
  • 17-04-2023 16:08    230417-tk6wsagg5s    10
  • 17-04-2023 15:53    230417-tbt6magg2s    10
  • 17-04-2023 15:30    230417-sxwqxage9v    10

Analysis

  • max time kernel
    156s
  • max time network
    162s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    17-04-2023 16:19

General

  • Target

    RFQ for supply of Stock Replenishment FI-2023-089.rar

  • Size

    768KB

  • MD5

    49f8a8d16bdd4d2af2be3a79d7b213a4

  • SHA1

    1401ce8fc3f0d28d4ef74cc5e9942ceeb14478f9

  • SHA256

    2408a41dc207fa367704b1f16372fedfa2c4163f65daf436d6f8ae2490b9aff6

  • SHA512

    ffec50f37556a1e98695b8bd268d9f1f174431ed703894aae3dbc3cdaf79c2c5015c792f87e2175843601989085c869f540c01be1cc65a3ab593aa0d37cde748

  • SSDEEP

    24576:ZBkU9NFUst/kzT0fW8yzFQP4Yq8BzNSDtiBRP9o4xTQFuHj:ZG8NftST0fWZzFQAYF0iBfo4QMD

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). The sandbox's generic description for this signature adds "Likely ransomware behaviour", but that label should not be read into this run: the process list below shows only cmd.exe launching the .rar by its file association and OpenWith.exe (the "How do you want to open this file?" prompt) taking over, which means no archive handler was registered in the image, the archive was never extracted, and nothing inside it executed. The 3/10 score reflects a failed detonation, not a benign sample; the archive contents still need to be extracted and submitted separately.

  • Modifies registry class 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Windows\system32\cmd.exe (PID 864)
    cmd /c "C:\Users\Admin\AppData\Local\Temp\RFQ for supply of Stock Replenishment FI-2023-089.rar"
    • Modifies registry class
  • C:\Windows\system32\OpenWith.exe (PID 4920)
    C:\Windows\system32\OpenWith.exe -Embedding
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
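Because the run above never got past the file-association prompt, the next step for an analyst is to confirm that the local copy of the sample is the one this report describes and that it really is a RAR archive before extracting it and resubmitting the payload. The script below is an added example written for this page, not sandbox output or tooling from the report: it recomputes the four digests listed under General, compares them to the report's values, and checks the RAR signature bytes (RAR 4.x `Rar!\x1a\x07\x00`, RAR 5 `Rar!\x1a\x07\x01\x00`). The short byte string in `__main__` is a constructed placeholder, not the real sample, so it will (correctly) report a hash mismatch.

```python
import hashlib
from typing import Dict, List, Optional

# Digests exactly as listed in the report's General section.
REPORT_HASHES: Dict[str, str] = {
    "md5": "49f8a8d16bdd4d2af2be3a79d7b213a4",
    "sha1": "1401ce8fc3f0d28d4ef74cc5e9942ceeb14478f9",
    "sha256": "2408a41dc207fa367704b1f16372fedfa2c4163f65daf436d6f8ae2490b9aff6",
    "sha512": (
        "ffec50f37556a1e98695b8bd268d9f1f174431ed703894aae3dbc3cdaf79c2c5"
        "015c792f87e2175843601989085c869f540c01be1cc65a3ab593aa0d37cde748"
    ),
}

# Archive signatures from the RAR format: 7-byte marker for RAR 4.x,
# 8-byte marker for RAR 5.
RAR4_MAGIC = b"Rar!\x1a\x07\x00"
RAR5_MAGIC = b"Rar!\x1a\x07\x01\x00"


def hash_bytes(data: bytes) -> Dict[str, str]:
    """Compute the same four digests the report lists, keyed by algorithm name."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def rar_version(data: bytes) -> Optional[int]:
    """Return 4 or 5 for a RAR archive, None if the marker block is absent."""
    if data.startswith(RAR5_MAGIC):
        return 5
    if data.startswith(RAR4_MAGIC):
        return 4
    return None


def triage(data: bytes) -> Dict[str, object]:
    """Compare a sample against the report and record its container type."""
    hashes = hash_bytes(data)
    mismatched: List[str] = [
        name for name, value in hashes.items() if value != REPORT_HASHES[name]
    ]
    return {
        "size": len(data),
        "hashes": hashes,
        "mismatched": mismatched,
        "matches_report": not mismatched,
        "rar_version": rar_version(data),
    }


def triage_file(path: str) -> Dict[str, object]:
    """Read a file from disk and triage it; the path is supplied by the analyst."""
    with open(path, "rb") as fh:
        return triage(fh.read())


if __name__ == "__main__":
    # Constructed placeholder bytes, not the real archive from the report.
    placeholder = RAR5_MAGIC + b"\x00" * 24
    result = triage(placeholder)
    print("size:", result["size"], "bytes")
    print("rar version:", result["rar_version"])
    print("matches report:", result["matches_report"])
    for name in result["mismatched"]:
        print(f"  {name} differs from report value")
```

Run `triage_file("<path to the .rar>")` on the real file; if `matches_report` is False the copy on disk is not the sample this report was generated from, and if `rar_version` is None the file is not a RAR at all despite its extension, which would also explain why no handler picked it up in the sandbox.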

Network

MITRE ATT&CK Enterprise v6
