Overview

overview

3

Static

static

1

e-Szigno R...17.crt

windows7-x64

1

e-Szigno R...17.crt

windows10-2004-x64

1

ePKI Root ...ty.crt

windows7-x64

1

ePKI Root ...ty.crt

windows10-2004-x64

1

emSign ECC...C3.crt

windows7-x64

1

emSign ECC...C3.crt

windows10-2004-x64

1

emSign ECC...G3.crt

windows7-x64

1

emSign ECC...G3.crt

windows10-2004-x64

1

emSign Roo...C1.crt

windows7-x64

1

emSign Roo...C1.crt

windows10-2004-x64

1

emSign Roo...G1.crt

windows7-x64

1

emSign Roo...G1.crt

windows10-2004-x64

1

pop-suppor...tar.xz

windows7-x64

3

pop-suppor...tar.xz

windows10-2004-x64

3

pop-suppor...96.tar

windows7-x64

3

pop-suppor...96.tar

windows10-2004-x64

3

apt/history.log

windows7-x64

1

apt/history.log

windows10-2004-x64

1

apt/sources.list

windows7-x64

3

apt/sources.list

windows10-2004-x64

3

apt/source...ources

windows7-x64

3

apt/source...ources

windows10-2004-x64

3

apt/source...ources

windows7-x64

3

apt/source...ources

windows10-2004-x64

3

apt/source...ources

windows7-x64

3

apt/source...ources

windows10-2004-x64

3

apt/term.log

windows7-x64

1

apt/term.log

windows10-2004-x64

1

boot-process-times

windows7-x64

1

boot-process-times

windows10-2004-x64

1

crypttab

windows7-x64

1

crypttab

windows10-2004-x64

1

Resubmissions

30-08-2024 17:58

240830-wkhv3axbkh 8

30-08-2024 17:38

240830-v7p28axcnp 3

30-08-2024 17:34

240830-v5fe1awcrh 1

30-08-2024 17:29

240830-v2wykswbrf 8

30-08-2024 17:24

240830-vywteawape 8

30-08-2024 17:19

240830-vvtvmsvhlg 8

Analysis

  • max time kernel
    147s
  • max time network
    146s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30-08-2024 17:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    apt/sources.list.d/pop-os-apps.sources

  • Size

    131B

  • MD5

    60ce88c39bef4c7bd3d92da9e7884b38

  • SHA1

    565dc6845bf1432eadd9c1a0d4c1d31c8191ab3c

  • SHA256

    643b590f1d408d65ebbfea15b9864a338aeba6f28f09c8eee9e5c509f3abbc49

  • SHA512

    8d04cc73a3e4a9781bc6db3293e1f5ba2733da282c1481771f81dc5c5677ca8947dd496572fab0ececb842f5617538696e1a46fdba4b71969348942d9066325e

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 2 IoCs
  • Opens file in notepad (likely ransom note) 1 IoCs
    ransomware
  • Suspicious use of SetWindowsHookEx 17 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\apt\sources.list.d\pop-os-apps.sources
    1⤵
    • Modifies registry class
    PID:1780
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2968
    • C:\Windows\system32\NOTEPAD.EXE
      "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\apt\sources.list.d\pop-os-apps.sources
      2⤵
      • Opens file in notepad (likely ransom note)
      PID:2168

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads