Overview

overview

3

Static

static

1

e-Szigno R...17.crt

windows7-x64

1

e-Szigno R...17.crt

windows10-2004-x64

1

ePKI Root ...ty.crt

windows7-x64

1

ePKI Root ...ty.crt

windows10-2004-x64

1

emSign ECC...C3.crt

windows7-x64

1

emSign ECC...C3.crt

windows10-2004-x64

1

emSign ECC...G3.crt

windows7-x64

1

emSign ECC...G3.crt

windows10-2004-x64

1

emSign Roo...C1.crt

windows7-x64

1

emSign Roo...C1.crt

windows10-2004-x64

1

emSign Roo...G1.crt

windows7-x64

1

emSign Roo...G1.crt

windows10-2004-x64

1

pop-suppor...tar.xz

windows7-x64

3

pop-suppor...tar.xz

windows10-2004-x64

3

pop-suppor...96.tar

windows7-x64

3

pop-suppor...96.tar

windows10-2004-x64

3

apt/history.log

windows7-x64

1

apt/history.log

windows10-2004-x64

1

apt/sources.list

windows7-x64

3

apt/sources.list

windows10-2004-x64

3

apt/source...ources

windows7-x64

3

apt/source...ources

windows10-2004-x64

3

apt/source...ources

windows7-x64

3

apt/source...ources

windows10-2004-x64

3

apt/source...ources

windows7-x64

3

apt/source...ources

windows10-2004-x64

3

apt/term.log

windows7-x64

1

apt/term.log

windows10-2004-x64

1

boot-process-times

windows7-x64

1

boot-process-times

windows10-2004-x64

1

crypttab

windows7-x64

1

crypttab

windows10-2004-x64

1

Resubmissions

30-08-2024 17:58

240830-wkhv3axbkh 8

30-08-2024 17:38

240830-v7p28axcnp 3

30-08-2024 17:34

240830-v5fe1awcrh 1

30-08-2024 17:29

240830-v2wykswbrf 8

30-08-2024 17:24

240830-vywteawape 8

30-08-2024 17:19

240830-vvtvmsvhlg 8

Analysis

  • max time kernel
    140s
  • max time network
    138s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30-08-2024 17:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    apt/sources.list.d/pop-os-release.sources

  • Size

    138B

  • MD5

    cd2f78afacb5f025abd9ba601afae8c9

  • SHA1

    f1b2ce1bbfde1bca975db48a5285baa28fe9c72c

  • SHA256

    74a1ba5f7cabe4c332b4def3af8e3640b29cab15b6ba1acd924c6aec9f40a9cb

  • SHA512

    a701dd000277625b49e3031d8f891f71e34752a4bcb0002289fc5bebfdaa363ed49d4257999e29357cda9df50d6c1c28d8411cad58484a452103ebdf463fbce0

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 2 IoCs
  • Opens file in notepad (likely ransom note) 1 IoCs
    ransomware
  • Suspicious use of SetWindowsHookEx 17 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\apt\sources.list.d\pop-os-release.sources
    1⤵
    • Modifies registry class
    PID:4028
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4308
    • C:\Windows\system32\NOTEPAD.EXE
      "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\apt\sources.list.d\pop-os-release.sources
      2⤵
      • Opens file in notepad (likely ransom note)
      PID:2344

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads