f6a78cefa7457af397ec51bbf0593f062cdd932e932c4cfe0f3e5a2fb2653470

Analysis

max time kernel
109s
max time network
139s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
14-03-2024 04:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

README.txt
Size

928B
MD5

4a696fefeef0bae73a3358e7bba47413
SHA1

da4ba272db35131c93af20d019d10502c80485a5
SHA256

dc45080b1009ad874227ef73d1cadfc8ee13eb9778d49830da102af248b6f067
SHA512

5be178f006d42816b2c5ef237bdc117058d624561318393e4e75ec36e12c2349e8fb8f3c0a9bcefd78891b0cbb4e57a8e27542b79af6af474b40a5a2b1c06382

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3852399462-405385529-394778097-1000_Classes\Local Settings	cmd.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
1648	NOTEPAD.EXE

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 3800 wrote to memory of 1648	3800	cmd.exe	82
PID 3800 wrote to memory of 1648	3800	cmd.exe	82

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\README.txt
1⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:3800
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\README.txt
  2⤵
  - Opens file in notepad (likely ransom note)
  PID:1648

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads