Overview

overview

10

Static

static

3

0774ee18a5...47.exe

windows7-x64

10

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...al.ini

windows7-x64

1

$PLUGINSDI...rd.bmp

windows7-x64

3

SignUp.css

windows7-x64

3

Uninstall.exe

windows7-x64

7

confidence.fjo

windows7-x64

3

global_ie9.css

windows7-x64

3

jquery.tooltip.css

windows7-x64

3

landing-gas-icon.png

windows7-x64

3

nivo.css

windows7-x64

3

noFlying.css

windows7-x64

3

photo.jpg

windows7-x64

3

Resubmissions

04-04-2024 10:25

240404-mf9csada39 10

04-04-2024 10:18

240404-mcec8scc31 10

02-04-2024 03:00

240402-dhm3wsfb76 10

02-04-2024 02:52

240402-dc3w6aee8s 10

31-05-2022 01:49

220531-b8vjjseeep 10

Analysis

  • max time kernel
    117s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    02-04-2024 03:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    SignUp.css

  • Size

    1KB

  • MD5

    459ac60c0351a30280a9ee9930b2e9c1

  • SHA1

    986a45b838ab69e39fb36c5506e723bcc50ac468

  • SHA256

    0db2b4321981ccce2937720e711ded48beda7904957c5cb28b7af06905435bea

  • SHA512

    71fe88c48dcc6526003121467fcfd4176117152146f55b3b324ae95a0a3cd8808c6f8649f323f655799511e47f172c666c60410f88cb825dfe3b84c38c339efc

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Opens file in notepad (likely ransom note) 1 IoCs
    ransomware
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\SignUp.css
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1540
    • C:\Windows\system32\NOTEPAD.EXE
      "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\SignUp.css
      2⤵
      • Opens file in notepad (likely ransom note)
      PID:2680

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads