b92c73fd80d0356057d3b279d18e2ef7097eae67d0bf0ee03478f0bb19bef23c

Analysis

max time kernel
888s
max time network
1170s
platform
windows11-21h2_x64
resource
win11-20231215-en
resource tags

arch:x64arch:x86image:win11-20231215-enlocale:en-usos:windows11-21h2-x64system
submitted
30-01-2024 16:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

selfbot/data/animated/dewae.txt
Size

703B
MD5

8af0747ba2fa4213c446afe6af42755c
SHA1

a26d4e458d56cdebf71bccf36daf060be38fcc5b
SHA256

447fa2eefec4e5a29c2f1c6b7e297f3adf61c56526772bae1add2065ce49cf2e
SHA512

1e30b566f1149705967906814f3f1f2bd8802fc9bfa28ec5d058d19b1334ca2322a5319d1f3b60513c9573c6fe6b371a8ba35e8e45d47f83e1bf2ece6668b8e6

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1199853020-417986905-91977573-1000_Classes\Local Settings	cmd.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
3900	NOTEPAD.EXE

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 4728 wrote to memory of 3900	4728	cmd.exe	79
PID 4728 wrote to memory of 3900	4728	cmd.exe	79

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\selfbot\data\animated\dewae.txt
1⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:4728
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\selfbot\data\animated\dewae.txt
  2⤵
  - Opens file in notepad (likely ransom note)
  PID:3900

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads