88937cd3d32a7965ea58b80d98d79e0f08d490713d481ffffb65c7c046ba0772

Analysis

max time kernel
1719s
max time network
1174s
platform
windows10-2004_x64
resource
win10v2004-20231215-es
resource tags

arch:x64arch:x86image:win10v2004-20231215-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
31-12-2023 15:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

virus.txt
Size

62B
MD5

f32439cb651855ccd498f549e69d41fd
SHA1

05cf7cecf45cf0cb7957f0466ee19ffd3986318e
SHA256

88937cd3d32a7965ea58b80d98d79e0f08d490713d481ffffb65c7c046ba0772
SHA512

58f5fd73fdceb93d8dddba1c353cc01c97b2e2b1c6877e4d057092d938515689892ed6541d4a3418981db07f82d80c1c5cbabe08787ed567fe97561c35d50647

Score

1^/10

Malware Config

Signatures

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
4244	NOTEPAD.EXE

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeManageVolumePrivilege	3600	svchost.exe

C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE C:\Users\Admin\AppData\Local\Temp\virus.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:4244

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
1⤵
PID:3224

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3600

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3600-16-0x0000015098490000-0x00000150984A0000-memory.dmp

Filesize
64KB

Download
memory/3600-0-0x0000015098390000-0x00000150983A0000-memory.dmp

Filesize
64KB

Download
memory/3600-32-0x00000150A0A80000-0x00000150A0A81000-memory.dmp

Filesize
4KB

Download
memory/3600-33-0x00000150A0AB0000-0x00000150A0AB1000-memory.dmp

Filesize
4KB

Download
memory/3600-34-0x00000150A0AB0000-0x00000150A0AB1000-memory.dmp

Filesize
4KB

Download
memory/3600-35-0x00000150A0AB0000-0x00000150A0AB1000-memory.dmp

Filesize
4KB

Download
memory/3600-36-0x00000150A0AB0000-0x00000150A0AB1000-memory.dmp

Filesize
4KB

Download
memory/3600-37-0x00000150A0AB0000-0x00000150A0AB1000-memory.dmp

Filesize
4KB

Download
memory/3600-38-0x00000150A0AB0000-0x00000150A0AB1000-memory.dmp

Filesize
4KB

Download
memory/3600-39-0x00000150A0AB0000-0x00000150A0AB1000-memory.dmp

Filesize
4KB

Download
memory/3600-40-0x00000150A0AB0000-0x00000150A0AB1000-memory.dmp

Filesize
4KB

Download
memory/3600-41-0x00000150A0AB0000-0x00000150A0AB1000-memory.dmp

Filesize
4KB

Download
memory/3600-42-0x00000150A0AB0000-0x00000150A0AB1000-memory.dmp

Filesize
4KB

Download
memory/3600-44-0x00000150A06C0000-0x00000150A06C1000-memory.dmp

Filesize
4KB

Download
memory/3600-46-0x00000150A06D0000-0x00000150A06D1000-memory.dmp

Filesize
4KB

Download
memory/3600-43-0x00000150A06D0000-0x00000150A06D1000-memory.dmp

Filesize
4KB

Download
memory/3600-49-0x00000150A06C0000-0x00000150A06C1000-memory.dmp

Filesize
4KB

Download
memory/3600-52-0x00000150A0600000-0x00000150A0601000-memory.dmp

Filesize
4KB

Download
memory/3600-64-0x00000150A0800000-0x00000150A0801000-memory.dmp

Filesize
4KB

Download
memory/3600-70-0x00000150A0810000-0x00000150A0811000-memory.dmp

Filesize
4KB

Download
memory/3600-73-0x00000150A0810000-0x00000150A0811000-memory.dmp

Filesize
4KB

Download
memory/3600-72-0x00000150A0810000-0x00000150A0811000-memory.dmp

Filesize
4KB

Download
memory/3600-69-0x00000150A0820000-0x00000150A0821000-memory.dmp

Filesize
4KB

Download
memory/3600-75-0x00000150A0810000-0x00000150A0811000-memory.dmp

Filesize
4KB

Download
memory/3600-74-0x00000150A0810000-0x00000150A0811000-memory.dmp

Filesize
4KB

Download
memory/3600-68-0x00000150A0920000-0x00000150A0921000-memory.dmp

Filesize
4KB

Download
memory/3600-67-0x00000150A0810000-0x00000150A0811000-memory.dmp

Filesize
4KB

Download
memory/3600-66-0x00000150A0810000-0x00000150A0811000-memory.dmp

Filesize
4KB

Download
memory/3600-77-0x00000150A0810000-0x00000150A0811000-memory.dmp

Filesize
4KB

Download
memory/3600-76-0x00000150A0810000-0x00000150A0811000-memory.dmp

Filesize
4KB

Download
memory/3600-79-0x00000150A0810000-0x00000150A0811000-memory.dmp

Filesize
4KB

Download
memory/3600-80-0x00000150A0810000-0x00000150A0811000-memory.dmp

Filesize
4KB

Download
memory/3600-78-0x00000150A0810000-0x00000150A0811000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads