Analysis

  • max time kernel
    144s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04-08-2024 21:13

General

  • Target

    resources/app/src/assets/css/index.css

  • Size

    20KB

  • MD5

    9338a403220d934986f5dc738419174d

  • SHA1

    33d0a93608f28900b4771b49d88259b2f70350e7

  • SHA256

    2f281d5eb03f52a46514089fd0b0af408f02613a8fcef8d506dc01f590651d7c

  • SHA512

    cd92d15c6ee9d6d9ed78fa073406462d5f3b33cc9c198a693fa51f53889ba9f5ef2a498ea3f033ef7cad73b1248e4bad9afcad8246f5b98dcde3435399dca508

  • SSDEEP

    192:zIPPOBM/UfNLh38L6wLLd949+cZaxYPrunqm0LJ4nqBDmwsNSflfBWG+ngBmb:UFUf7ML6hPrDz+KfBWtg0

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 1 IoCs
  • Opens file in notepad (likely ransom note) 1 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\resources\app\src\assets\css\index.css
    1⤵
    • Checks computer location settings
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:1924
    • C:\Windows\system32\NOTEPAD.EXE
      "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\resources\app\src\assets\css\index.css
      2⤵
      • Opens file in notepad (likely ransom note)
      PID:4984

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads