Overview

overview

10

Static

static

3

0774ee18a5...47.exe

windows7-x64

10

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...al.ini

windows7-x64

1

$PLUGINSDI...rd.bmp

windows7-x64

3

SignUp.css

windows7-x64

3

Uninstall.exe

windows7-x64

7

confidence.fjo

windows7-x64

3

global_ie9.css

windows7-x64

3

jquery.tooltip.css

windows7-x64

3

landing-gas-icon.png

windows7-x64

3

nivo.css

windows7-x64

3

noFlying.css

windows7-x64

3

photo.jpg

windows7-x64

3

Resubmissions

04-04-2024 10:25

240404-mf9csada39 10

04-04-2024 10:18

240404-mcec8scc31 10

02-04-2024 03:00

240402-dhm3wsfb76 10

02-04-2024 02:52

240402-dc3w6aee8s 10

31-05-2022 01:49

220531-b8vjjseeep 10

Analysis

  • max time kernel
    117s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    02-04-2024 03:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    nivo.css

  • Size

    1KB

  • MD5

    a995391b3cd9b31b6d2ee4b9ba5e3fef

  • SHA1

    32126647e25b5735dda91dcf6d8411974c4c7f32

  • SHA256

    27609eb25cd0e2182b0840aef1f030a1871d06f4b022a160d8d2cdfbaf37ef8d

  • SHA512

    0b487154d8b2efeb7fc7f82a80de9f48597471e1062a9672c76e66d7bc5a1d790a1d4b107d19324bd9f125801f43ed04fe3a1118c9e3b46b0d8cb09ceb89efbf

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Opens file in notepad (likely ransom note) 1 IoCs
    ransomware
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\nivo.css
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2340
    • C:\Windows\system32\NOTEPAD.EXE
      "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\nivo.css
      2⤵
      • Opens file in notepad (likely ransom note)
      PID:1696

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads