Resubmissions

15-04-2024 19:48

240415-yjb28sgh2y 10

15-04-2024 19:06

240415-xsd3hsdf75 7

15-04-2024 19:02

240415-xpws6afh4x 10

15-04-2024 18:45

240415-xecmjadd57 10

15-04-2024 18:42

240415-xcbbpaff61 10

15-04-2024 18:39

240415-xaqctsff5v 10

15-04-2024 18:35

240415-w8gb5sff3w 10

15-04-2024 18:27

240415-w315csfe2x 10

15-04-2024 18:23

240415-w1w3mafd5t 7

15-04-2024 18:10

240415-wsg9hach35 7

Analysis

  • max time kernel
    126s
  • max time network
    135s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64, arch:x86, image:win10-20240404-en, locale:en-us, os:windows10-1703-x64, system
  • submitted
    15-04-2024 18:45

General

  • Target

    hash.bin

  • Size

    171KB

  • MD5

    0bedec1e0e6bafddd2c73b3c985bf489

  • SHA1

    02e07ff6415046e366943d273dc1e921a69e92f3

  • SHA256

    771a893e114d405bcabff6d2624c4e16a9c173ba532c65990a30716146845d83

  • SHA512

    520d7962e9f45f5eff6dac25986a24120601b620586bc279055cac1a01673af8a1f296d2974ef4fcc5f6518f3af2fe416f7cacd1e1405fb3b1c70a7d69ab670c

  • SSDEEP

    3072:2S0o3Mdva34ru3iUFdwJ2Lzcbpx8dAMuj60G8rV71iRvXwkYFF0k4/fwQcp9HJT:27oc9Y9T2JlAKzjZ/VKPYb8fwpJT

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 2 IoCs
  • Opens file in notepad (likely ransom note) 1 IoCs
  • Suspicious use of SetWindowsHookEx 15 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\hash.bin
    1⤵
    • Modifies registry class
    PID:2176
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1644
    • C:\Windows\system32\NOTEPAD.EXE
      "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\hash.bin
      2⤵
      • Opens file in notepad (likely ransom note)
      PID:1004

Network

MITRE ATT&CK Matrix ATT&CK v13

Downloads