Overview

overview

3

Static

static

3

_16ec2e4e-..._2.zip

windows10-1703-x64

1

_16ec2e4e-...67.zip

windows10-1703-x64

1

_16ec2e4e-...67.zip

windows10-1703-x64

1

16ec2e4e-6...67.xml

windows10-1703-x64

1

CyveraSystem.reg

windows10-1703-x64

1

Logs/Traps...tl.001

windows10-1703-x64

3

Logs/Traps...tl.002

windows10-1703-x64

3

Logs/Traps...tl.003

windows10-1703-x64

3

Logs/Traps...tl.001

windows10-1703-x64

3

Logs/Traps...tl.002

windows10-1703-x64

3

Logs/Traps...tl.003

windows10-1703-x64

3

Logs/Traps...tl.004

windows10-1703-x64

3

Logs/Traps...tl.001

windows10-1703-x64

3

Logs/Traps...tl.002

windows10-1703-x64

3

Logs/Traps...tl.003

windows10-1703-x64

3

Logs/Traps...tl.001

windows10-1703-x64

3

Logs/Traps...tl.002

windows10-1703-x64

3

Logs/Traps...tl.003

windows10-1703-x64

3

Logs/adapt...log.gz

windows10-1703-x64

3

Logs/adapt...log.gz

windows10-1703-x64

3

Logs/adapt...log.gz

windows10-1703-x64

3

Logs/adapt...log.gz

windows10-1703-x64

3

Logs/adapt...log.gz

windows10-1703-x64

3

Logs/adapt...cy.log

windows10-1703-x64

1

Logs/corte...ad.log

windows10-1703-x64

1

Logs/cytool.log

windows10-1703-x64

1

Logs/cytoo...rb.log

windows10-1703-x64

1

Logs/foren...ts.log

windows10-1703-x64

1

Logs/foren....log.1

windows10-1703-x64

3

Logs/foren....log.2

windows10-1703-x64

3

Logs/foren....log.3

windows10-1703-x64

3

Logs/foren....log.4

windows10-1703-x64

3

Analysis

  • max time kernel
    119s
  • max time network
    145s
  • platform
    windows10-1703_x64
  • resource
    win10-20240221-en
  • resource tags

    arch:x64arch:x86image:win10-20240221-enlocale:en-usos:windows10-1703-x64system
  • submitted
    18/03/2024, 19:41 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Logs/adaptive_policy.log

  • Size

    7.9MB

  • MD5

    0a1184eb4dc548855efa0254ab5c3100

  • SHA1

    0e12832c2e2c3f401135eec9b0e6f7a77c1be1aa

  • SHA256

    4f10ecedea88baba7205970791810defe7c2efad228c996e0602891183636655

  • SHA512

    841923f577a0e0ee2ecc5e9bc5f20888f395817e79f644ecfd5936d580f6862e24746b1f6fb131c657f267960e20556320f8a421877933c21b76df687abb187d

  • SSDEEP

    24576:uGwLGvrxSrU2HpH8EJWff5xNJ355OCOCOCOCOvZlnuKWZi2QD2pYGIqdp52CTYwn:b

Score
1/10

Malware Config

Signatures

  • Opens file in notepad (likely ransom note) 1 IoCs
    ransomware

Processes

  • C:\Windows\system32\NOTEPAD.EXE
    C:\Windows\system32\NOTEPAD.EXE C:\Users\Admin\AppData\Local\Temp\Logs\adaptive_policy.log
    1⤵
    • Opens file in notepad (likely ransom note)
    PID:3428

Network

  • flag-us
    DNS
    48.229.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    48.229.111.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    234.17.178.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    234.17.178.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    36.56.20.217.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    36.56.20.217.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    36.56.20.217.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    36.56.20.217.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    36.56.20.217.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    36.56.20.217.in-addr.arpa
    IN PTR
No results found
  • 8.8.8.8:53
    48.229.111.52.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    48.229.111.52.in-addr.arpa

  • 8.8.8.8:53
    234.17.178.52.in-addr.arpa
    dns
    72 B
     146 B
     1
    1

    DNS Request

    234.17.178.52.in-addr.arpa

  • 8.8.8.8:53
    36.56.20.217.in-addr.arpa
    dns
    213 B
     131 B
     3
    1

    DNS Request

    36.56.20.217.in-addr.arpa

    DNS Request

    36.56.20.217.in-addr.arpa

    DNS Request

    36.56.20.217.in-addr.arpa

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.