Overview

overview

3

Static

static

1

e-Szigno R...17.crt

windows7-x64

1

e-Szigno R...17.crt

windows10-2004-x64

1

ePKI Root ...ty.crt

windows7-x64

1

ePKI Root ...ty.crt

windows10-2004-x64

1

emSign ECC...C3.crt

windows7-x64

1

emSign ECC...C3.crt

windows10-2004-x64

1

emSign ECC...G3.crt

windows7-x64

1

emSign ECC...G3.crt

windows10-2004-x64

1

emSign Roo...C1.crt

windows7-x64

1

emSign Roo...C1.crt

windows10-2004-x64

1

emSign Roo...G1.crt

windows7-x64

1

emSign Roo...G1.crt

windows10-2004-x64

1

pop-suppor...tar.xz

windows7-x64

3

pop-suppor...tar.xz

windows10-2004-x64

3

pop-suppor...96.tar

windows7-x64

3

pop-suppor...96.tar

windows10-2004-x64

3

apt/history.log

windows7-x64

1

apt/history.log

windows10-2004-x64

1

apt/sources.list

windows7-x64

3

apt/sources.list

windows10-2004-x64

3

apt/source...ources

windows7-x64

3

apt/source...ources

windows10-2004-x64

3

apt/source...ources

windows7-x64

3

apt/source...ources

windows10-2004-x64

3

apt/source...ources

windows7-x64

3

apt/source...ources

windows10-2004-x64

3

apt/term.log

windows7-x64

1

apt/term.log

windows10-2004-x64

1

boot-process-times

windows7-x64

1

boot-process-times

windows10-2004-x64

1

crypttab

windows7-x64

1

crypttab

windows10-2004-x64

1

Resubmissions

30-08-2024 17:58

240830-wkhv3axbkh 8

30-08-2024 17:38

240830-v7p28axcnp 3

30-08-2024 17:34

240830-v5fe1awcrh 1

30-08-2024 17:29

240830-v2wykswbrf 8

30-08-2024 17:24

240830-vywteawape 8

30-08-2024 17:19

240830-vvtvmsvhlg 8

Analysis

  • max time kernel
    143s
  • max time network
    139s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30-08-2024 17:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    apt/sources.list.d/system.sources

  • Size

    275B

  • MD5

    eb737b727b93698f910670e5a333c91c

  • SHA1

    750023141ccd9604610a99eca10ea4b19fc34611

  • SHA256

    47681d0338246335b39e31fb15c7ae4680ff531513335a374acb29918eee9a89

  • SHA512

    3c5f03cd7190b17e8a2f94ea4b4de479bcf8303853afaada9fe2a42239d6324842502b661b2a8feb207a8eab98d43d049f4fa18fd424849fa7b9b1826b698b11

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 2 IoCs
  • Opens file in notepad (likely ransom note) 1 IoCs
    ransomware
  • Suspicious use of SetWindowsHookEx 9 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\apt\sources.list.d\system.sources
    1⤵
    • Modifies registry class
    PID:212
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3232
    • C:\Windows\system32\NOTEPAD.EXE
      "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\apt\sources.list.d\system.sources
      2⤵
      • Opens file in notepad (likely ransom note)
      PID:3428

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads