Overview

overview

8

Static

static

3

Internet D...R].zip

windows11-21h2-x64

1

Internet D....7.zip

windows11-21h2-x64

1

Changelog.txt

windows11-21h2-x64

3

IDM_6.4x_C....7.exe

windows11-21h2-x64

8

Internet D...me.txt

windows11-21h2-x64

3

Internet D...19.exe

windows11-21h2-x64

4

Internet D...9f.exe

windows11-21h2-x64

4

Analysis

  • max time kernel
    1701s
  • max time network
    1706s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240802-en
  • resource tags

    arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    18/08/2024, 22:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Changelog.txt

  • Size

    6KB

  • MD5

    c7cdf298b248180d987227fd063c65a6

  • SHA1

    15b4c7b778b15bf034593f51632e38b51db01422

  • SHA256

    69e6385f6ed7d9028e1574a67d76b0b077cc28e6aa833da7e4ada043fa4f34a4

  • SHA512

    27a1a00ba24e2056d306eca82eb1c3d69ee6097e24724dfba173bb6e95cd5ea6bc7b469d3824dcf97b825c799152cb34f5627984314033a672ff8f2adfdea151

  • SSDEEP

    96:0QqGqiiYmEDfE3jCVxE/+86p3xiOn1Zucp3pn09bDGuUO8vJY1h4Lx:0QdviYzDfI+8W3bZvpZnq3GuUUj4t

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 1 IoCs
  • Opens file in notepad (likely ransom note) 1 IoCs
    ransomware
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\Changelog.txt
    1⤵
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:3112
    • C:\Windows\system32\NOTEPAD.EXE
      "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Changelog.txt
      2⤵
      • Opens file in notepad (likely ransom note)
      PID:5116

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads