Analysis
-
max time kernel
31s -
max time network
33s -
platform
windows7_x64 -
resource
win7-20230220-en -
resource tags
arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system -
submitted
19-04-2023 04:06
Behavioral task
behavioral1
Sample
Invoice No 3031.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
Invoice No 3031.exe
Resource
win10v2004-20230220-en
Behavioral task
behavioral3
Sample
Invoice No 3031.exe
Resource
win7-20230220-en
Behavioral task
behavioral4
Sample
Invoice No 3031.exe
Resource
win10v2004-20230220-en
General
-
Target
Invoice No 3031.exe
-
Size
392KB
-
MD5
834d27a3338f27c774f1ac360bd811a2
-
SHA1
8b7c89a775b2cbe13b254ca062eea65f7c2ac6d6
-
SHA256
30dfdf5dc70837a7d9a22bb1128100ba462ef69d3cf97eaa65e7104dd19ce6d7
-
SHA512
64b75de52045819d4579c3fc35dd8364669f3564ae3aea63a939bf38f6f85636fe3b9aa719969989b9f4f1d91e1366b329ddd270aae60e5b3f091de46bd09c08
-
SSDEEP
6144:NioDjSNztkmcu1S4GlA9jmHv/VCSY3hw9lMbk6u1QMS0y+lqiHTonWryFDYR:wK46A9jmP/uhu/yMS08CkntxYR
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious use of SetWindowsHookEx 3 IoCs
Processes:
Invoice No 3031.exepid Process 1676 Invoice No 3031.exe 1676 Invoice No 3031.exe 1676 Invoice No 3031.exe -
Suspicious use of WriteProcessMemory 4 IoCs
Processes:
Invoice No 3031.exedescription pid Process procid_target PID 1676 wrote to memory of 628 1676 Invoice No 3031.exe 28 PID 1676 wrote to memory of 628 1676 Invoice No 3031.exe 28 PID 1676 wrote to memory of 628 1676 Invoice No 3031.exe 28 PID 1676 wrote to memory of 628 1676 Invoice No 3031.exe 28