Analysis
-
max time kernel
74s -
max time network
81s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
13-02-2024 13:45
General
-
Target
authroot.stl
-
Size
171KB
-
MD5
9c0c641c06238516f27941aa1166d427
-
SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977
-
SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
-
SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06
-
SSDEEP
1536:+AuJ+lCUs0RvWqgCyPW5BXNWdm1wpyru2/3EwjYoz0VDTrubmt6mJp:+9J+q0RuXCyfdmAyru2/RAKtgp
Score
3/10
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 2 IoCs
-
Opens file in notepad (likely ransom note) 1 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of SetWindowsHookEx 33 IoCs
-
Suspicious use of WriteProcessMemory 2 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\authroot.stl1⤵
- Modifies registry class
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\authroot.stl2⤵
- Opens file in notepad (likely ransom note)