Resubmissions

22-04-2024 15:01

240422-sd558scg4v 10

22-04-2024 14:58

240422-sch93scg21 10

Analysis

  • max time kernel
    149s
  • max time network
    273s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240412-en
  • resource tags

    arch:x64, arch:x86, image:win11-20240412-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    22-04-2024 14:58

General

  • Target

    TangoGen/license.txt

  • Size

    6KB

  • MD5

    0b09566254b011d989decf0e23a902eb

  • SHA1

    3ae5cd6be73daf418b8deee9c865cf78225838c9

  • SHA256

    a19d58aaab15c4d0019e569d1c073d1b5286fdd37dbeee7a58a7d1ae76045ae1

  • SHA512

    4e22e58f925879306261e5993039e1d84d87f8fecc0f9fdad534da55b6fd22be77e622a4077d8d521f7734e5535f66853d581155987e2f3607e2d386938c218b

  • SSDEEP

    192:uEwjuKsgA4+XYdXjA+okS63vZBCSUziJm:eNs8+QRVxBRU1

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 2 IoCs
  • Opens file in notepad (likely ransom note) 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\TangoGen\license.txt
    1⤵
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:2448
    • C:\Windows\system32\NOTEPAD.EXE
      "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\TangoGen\license.txt
      2⤵
      • Opens file in notepad (likely ransom note)
      PID:4460
  • C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
    "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:384
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
    1⤵
    PID:4472

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

    Filesize

    10KB

    MD5

    e8197e68deaabec1caac808d8a1b1202

    SHA1

    3b706ac97224e95f5db57eb60acf067ccf2d4c95

    SHA256

    89d5da8ae7c25fce8f1b74b2a02f4cb9d524dac5b752b35e511d399259a26d66

    SHA512

    609e6013c4683519b1d7448c2417ec3f528a0764f1ae9c9cedc213ceec2df497c187164e7b713e4a78236e17f6fc9680630551a7fec98c2432e308a48b8e66e0