Overview
overview
10Static
static
1!~!SetUp_2...!~.zip
windows7-x64
1!~!SetUp_2...!~.zip
windows10-2004-x64
1!~!SetUp_2...!~.rar
windows7-x64
3!~!SetUp_2...!~.rar
windows10-2004-x64
3Setup.exe
windows7-x64
5Setup.exe
windows10-2004-x64
10avenue.css
windows7-x64
3avenue.css
windows10-2004-x64
7d3dx9_43.dll
windows7-x64
1d3dx9_43.dll
windows10-2004-x64
1heartthrob.doc
windows7-x64
1heartthrob.doc
windows10-2004-x64
1Analysis
-
max time kernel
0s -
max time network
6s -
platform
windows7_x64 -
resource
win7-20240708-es -
resource tags
arch:x64arch:x86image:win7-20240708-eslocale:es-esos:windows7-x64systemwindows -
submitted
11-07-2024 03:55
Static task
static1
Behavioral task
behavioral1
Sample
!~!SetUp_2025_Pa$$W0rd$s!!%!~.zip
Resource
win7-20240705-es
Behavioral task
behavioral2
Sample
!~!SetUp_2025_Pa$$W0rd$s!!%!~.zip
Resource
win10v2004-20240709-es
Behavioral task
behavioral3
Sample
!~!SetUp_2025_Pa$$W0rd$s!!%!~.rar
Resource
win7-20240708-es
Behavioral task
behavioral4
Sample
!~!SetUp_2025_Pa$$W0rd$s!!%!~.rar
Resource
win10v2004-20240709-es
Behavioral task
behavioral5
Sample
Setup.exe
Resource
win7-20240704-es
Behavioral task
behavioral6
Sample
Setup.exe
Resource
win10v2004-20240709-es
Behavioral task
behavioral7
Sample
avenue.css
Resource
win7-20240708-es
Behavioral task
behavioral8
Sample
avenue.css
Resource
win10v2004-20240709-es
Behavioral task
behavioral9
Sample
d3dx9_43.dll
Resource
win7-20240704-es
Behavioral task
behavioral10
Sample
d3dx9_43.dll
Resource
win10v2004-20240709-es
Behavioral task
behavioral11
Sample
heartthrob.doc
Resource
win7-20240708-es
Behavioral task
behavioral12
Sample
heartthrob.doc
Resource
win10v2004-20240709-es
General
-
Target
avenue.css
-
Size
851KB
-
MD5
80c958daf65aa1aa311f44182dca568c
-
SHA1
8376a30ddefdc18a35d1fcaaee3b4280edc91db6
-
SHA256
f3fadb0f786881330323db896aec61c8077c70f1c73db5163fefbcc48cc12d2b
-
SHA512
0f6b10336afe0cef8d7ee4f9e76051784aa6e44e4d51d11943580a2e7ec0dc73d4291c5bfcf8ee750d4670cda8d227ee7792647263ea28a45709324217770b63
-
SSDEEP
12288:cf/TBqnL/fXZSnPMfVy9OEJ8LC/DBglFYEMWp4nNujGAAOSwrdQieMDQCnFZy0i9:mCHiP4Vy9wZEGydfOXyi1DQyFJiasdr5
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Opens file in notepad (likely ransom note) 1 IoCs
Processes:
NOTEPAD.EXEpid Process 1912 NOTEPAD.EXE -
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
cmd.exedescription pid Process procid_target PID 2700 wrote to memory of 1912 2700 cmd.exe 31 PID 2700 wrote to memory of 1912 2700 cmd.exe 31 PID 2700 wrote to memory of 1912 2700 cmd.exe 31
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\avenue.css1⤵
- Suspicious use of WriteProcessMemory
PID:2700 -
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\avenue.css2⤵
- Opens file in notepad (likely ransom note)
PID:1912
-