Analysis

  • max time kernel
    0s
  • max time network
    6s
  • platform
    windows7_x64
  • resource
    win7-20240708-es
  • resource tags

    arch:x64 arch:x86 image:win7-20240708-es locale:es-es os:windows7-x64 system windows
  • submitted
    11-07-2024 03:55

General

  • Target

    avenue.css

  • Size

    851KB

  • MD5

    80c958daf65aa1aa311f44182dca568c

  • SHA1

    8376a30ddefdc18a35d1fcaaee3b4280edc91db6

  • SHA256

    f3fadb0f786881330323db896aec61c8077c70f1c73db5163fefbcc48cc12d2b

  • SHA512

    0f6b10336afe0cef8d7ee4f9e76051784aa6e44e4d51d11943580a2e7ec0dc73d4291c5bfcf8ee750d4670cda8d227ee7792647263ea28a45709324217770b63

  • SSDEEP

    12288:cf/TBqnL/fXZSnPMfVy9OEJ8LC/DBglFYEMWp4nNujGAAOSwrdQieMDQCnFZy0i9:mCHiP4Vy9wZEGydfOXyi1DQyFJiasdr5

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Opens file in notepad (likely ransom note) 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\avenue.css
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2700
    • C:\Windows\system32\NOTEPAD.EXE
      "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\avenue.css
      2⤵
      • Opens file in notepad (likely ransom note)
      PID:1912

Network

MITRE ATT&CK Enterprise v15
