Analysis

  • max time kernel
    11s
  • max time network
    21s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    11-08-2024 04:06

General

  • Target

    resources/app/src/assets/css/index.css

  • Size

    20KB

  • MD5

    9338a403220d934986f5dc738419174d

  • SHA1

    33d0a93608f28900b4771b49d88259b2f70350e7

  • SHA256

    2f281d5eb03f52a46514089fd0b0af408f02613a8fcef8d506dc01f590651d7c

  • SHA512

    cd92d15c6ee9d6d9ed78fa073406462d5f3b33cc9c198a693fa51f53889ba9f5ef2a498ea3f033ef7cad73b1248e4bad9afcad8246f5b98dcde3435399dca508

  • SSDEEP

    192:zIPPOBM/UfNLh38L6wLLd949+cZaxYPrunqm0LJ4nqBDmwsNSflfBWG+ngBmb:UFUf7ML6hPrDz+KfBWtg0

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Opens file in notepad (likely ransom note) 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\resources\app\src\assets\css\index.css
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1916
    • C:\Windows\system32\NOTEPAD.EXE
      "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\resources\app\src\assets\css\index.css
      2⤵
      • Opens file in notepad (likely ransom note)
      PID:2652

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads