Analysis
-
max time kernel
36s -
max time network
42s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system -
submitted
05-02-2024 01:45
Static task
static1
Behavioral task
behavioral1
Sample
tfile.txt
Resource
win10v2004-20231215-en
2 signatures
1800 seconds
General
-
Target
tfile.txt
-
Size
1B
-
MD5
0cc175b9c0f1b6a831c399e269772661
-
SHA1
86f7e437faa5a7fce15d1ddcb9eaeaea377667b8
-
SHA256
ca978112ca1bbdcafac231b39a23dc4da786eff8147c4e72b9807785afee48bb
-
SHA512
1f40fc92da241694750979ee6cf582f2d5d7d28e18335de05abc54d0560e0f5302860c652bf08d560252aa5e74210546f369fbbbce8c12cfc7957b2652fe9a75
Score
1/10
Malware Config
Signatures
-
Opens file in notepad (likely ransom note) 1 IoCs
Processes:
NOTEPAD.EXEpid process 2572 NOTEPAD.EXE -
Suspicious use of WriteProcessMemory 2 IoCs
Processes:
cmd.exedescription pid process target process PID 5004 wrote to memory of 1040 5004 cmd.exe format.com PID 5004 wrote to memory of 1040 5004 cmd.exe format.com
Processes
-
C:\Windows\system32\NOTEPAD.EXEC:\Windows\system32\NOTEPAD.EXE C:\Users\Admin\AppData\Local\Temp\tfile.txt1⤵
- Opens file in notepad (likely ransom note)
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\format.comformat2⤵