Analysis
-
max time kernel
71s -
max time network
66s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
22-08-2024 23:44
General
-
Target
NotRansomWare.exe
-
Size
35.9MB
-
MD5
d46672a4b89f7441e0fa1f2021f1df2e
-
SHA1
3fdb64839b9bf779790bf3540170fa2aefa98be3
-
SHA256
4831c05c4abcbfd5f04b42049174191446fb1364df0476ee6f48ef52a3ce604d
-
SHA512
cc96a5f62c8577fd3492764cb9b63ecd47391c5987fe3ebec7de106ba657a19acc973c6d93a0c24eb541eba04413a0e558465ced5007d150170901affde858d5
-
SSDEEP
393216:f1Du8BtuBw2FEL3Z3aLUoQvo6LP/SgbSpYvKEh1EdKwlGQKPJuGsiTfREsrgCYfH:fMguj8Q4Vfv3qFTrYw
Score
1/10
Malware Config
Signatures
-
Modifies registry class 1 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NotRansomWare.exe"C:\Users\Admin\AppData\Local\Temp\NotRansomWare.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "notepad C:\Users\Admin/Desktop/rnote.txt"2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\notepad.exenotepad C:\Users\Admin/Desktop/rnote.txt3⤵
-
-
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
21B
MD552cdb01b6b961c7604cc7098bf131461
SHA1f1aa48209b0fd13a1ef31d4d775a9d65ce9a33c3
SHA2568f9d6f4f8579c389d36258286ca30275f74d063eb9c20d1971541ec8a17b9783
SHA512c2c11c7de7bc2ce75fbb3fc011272c511b55c59477f8f09bae59c8caf79a1000b28519606cc13db76b20ae233eba2a1222461123c5cd71d9fece6149fbc2d494