Overview

overview

3

Static

static

1

Git_softwa...9.3.7z

windows10-2004-x64

3

Analysis

  • max time kernel
    63s
  • max time network
    65s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    02/06/2024, 15:46

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    Git_softwares_v1.9.3.7z

  • Size

    31.7MB

  • MD5

    7e2b50108bb1571bd90bf5b060d685d8

  • SHA1

    b0e78dae8a00aa17edfbf9044d67d69ceada1240

  • SHA256

    d108f56414a131adef6c087f83c9048ee727d0dbdc83182010fd71384557b3c2

  • SHA512

    14c6a80e45a4eb4bf480f9cd82e95638e2d5a6f242edde430ee2b3ca7383461a676cc2dae45d3ab693c79bec18c8a54a2f325b6404ff503e5734a8dcffc028f6

  • SSDEEP

    786432:vVrqBGlUKn8Y2c9BrUv0vH+kHrdSe7UiLXhctlfc0ksQ7/N:trShKn8kpzvH1ZSeJLXhctlfFksK

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 63 IoCs
  • Opens file in notepad (likely ransom note) 1 IoCs
    ransomware
  • Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 10 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SetWindowsHookEx 30 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\Git_softwares_v1.9.3.7z
    1⤵
    • Modifies registry class
    PID:544
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4412
    • C:\Windows\system32\NOTEPAD.EXE
      "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Git_softwares_v1.9.3.7z
      2⤵
      • Modifies registry class
      • Opens file in notepad (likely ransom note)
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      PID:2500
  • C:\Program Files\7-Zip\7zFM.exe
    "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Desktop\Git_softwares_v1.9.3.7z"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:3020
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
      PID:3232
    • C:\Program Files\7-Zip\7zG.exe
      "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\AppData\Local\Temp\Git_softwares_v1.9.3\" -ad -an -ai#7zMap32677:118:7zEvent23063
      1⤵
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      PID:2936
    • C:\Program Files\7-Zip\7zG.exe
      "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\AppData\Local\Temp\Git_softwares_v1.9.3\" -ad -an -ai#7zMap27258:118:7zEvent27271
      1⤵
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      PID:4040

    Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\Desktop\Git_softwares_v1.9.3.7z
            Filesize

            31.7MB

            MD5

            81a193c049f2c422f69f667a8107dccb

            SHA1

            ad63661335a277255fe674ea0ccf2f04fb93b5c1

            SHA256

            08a1ff17289eef7e2db379b0736c5ae0442a0985df2b1fe42aed404f043cecf6

            SHA512

            6f44d4e0193056fe826c0aaa3f2d09bfca7cf8539b0fc50a3b3835b23d36f81388302298ded00def786a95475365f15a762590a1b15637e181bae38c752a62cb

            Download Submit