Overview

overview

1

Static

static

1

kill.txt

windows7-x64

1

kill.txt

windows10-2004-x64

1

Resubmissions

27-08-2024 21:57

240827-1t8kastdkb 8

27-08-2024 21:49

240827-1pfzgsvdqr 10

27-08-2024 21:48

240827-1nrdtsvdnn 1

Analysis

  • max time kernel
    38s
  • max time network
    38s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27-08-2024 21:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    kill.txt

  • Size

    359B

  • MD5

    98545754fe9fd338cd572f181ee12f8c

  • SHA1

    2271521ad371e968f69c99b885edfed3b202066d

  • SHA256

    d6cffdbabd9097ea78e00aad333491cb9add18e29ffb23a00f6d302bc0a8bd99

  • SHA512

    53bed339b6c0d1d5b898e1ac6c39a07747a888375f86f44ce0c19f4848f28257dc3a512073feb74cedaab9baeab72bcb4ea79094f48f1042585bb45650c5e059

Score
1/10

Malware Config

Signatures

  • Opens file in notepad (likely ransom note) 1 IoCs
    ransomware
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 16 IoCs
  • Suspicious use of SendNotifyMessage 14 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Windows\system32\NOTEPAD.EXE
    C:\Windows\system32\NOTEPAD.EXE C:\Users\Admin\AppData\Local\Temp\kill.txt
    1⤵
    • Opens file in notepad (likely ransom note)
    • Suspicious use of FindShellTrayWindow
    PID:3660
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
      PID:1480
    • C:\Program Files\VideoLAN\VLC\vlc.exe
      "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Downloads\StepMount.mp4"
      1⤵
      • Suspicious behavior: AddClipboardFormatListener
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      PID:2992

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2992-18-0x00007FF982510000-0x00007FF982544000-memory.dmp

      Filesize

      208KB

      Download

    • memory/2992-17-0x00007FF6EBDF0000-0x00007FF6EBEE8000-memory.dmp

      Filesize

      992KB

      Download

    • memory/2992-19-0x00007FF972E00000-0x00007FF9730B6000-memory.dmp

      Filesize

      2.7MB

      Download

    • memory/2992-21-0x00007FF970810000-0x00007FF97091E000-memory.dmp

      Filesize

      1.1MB

      Download

    • memory/2992-20-0x00007FF971390000-0x00007FF972440000-memory.dmp

      Filesize

      16.7MB

      Download