d80f9618ef8369e54986f2abf564e5eeccf961d3ddaca515622412b1e4648d4c

Resubmissions

20-04-2024 17:13

240420-vrrwwadh2z 10

12-03-2024 21:36

10-03-2024 04:41

10-03-2024 04:40

10-03-2024 04:38

09-03-2024 07:38

Analysis

max time kernel
156s
max time network
159s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
10-03-2024 04:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Reaper/Reaper/Reaper.exe.config
Size

158B
MD5

505c30296417920ece68a4b1e0aae738
SHA1

08fed3e09735b7e6df067c53070592338a6770fc
SHA256

7ffc94d139bfc1b5cf222cdbdfe0bf53d665f8b6806625dccc6183a626a0433c
SHA512

eb095d1ad332869547f948fda262f8d8f71ab7183782e9105ffd75d3e5c81ec4274f79b6c7385db3eb5e8e212aff003a7ccf16712a8e2af52e769f5a310f7f93

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 2 IoCs

Processes:

cmd.exeOpenWith.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3084248216-1643706459-906455512-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-3084248216-1643706459-906455512-1000_Classes\Local Settings	OpenWith.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

OpenWith.exe

pid process

5112 OpenWith.exe

pid	process
5112	OpenWith.exe

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\Reaper\Reaper\Reaper.exe.config
1⤵
- Modifies registry class
PID:4000

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5112

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads