af3b9d5de82a924b2177d69965dff7cb98f5adca28dd4a50e844d96dadd528d1

Resubmissions

01/09/2024, 07:00

240901-hs2fgsvall 5

28/08/2024, 19:09

240828-xt1yns1era 10

28/08/2024, 19:05

240828-xrz9csshnl 10

Analysis

max time kernel
4s
max time network
7s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
01/09/2024, 07:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

razspy.exe
Size

17KB
MD5

c9122b326a11741382964a64acbbb43e
SHA1

216bac6bee35ce03407349a23eb6a618bf95082d
SHA256

af3b9d5de82a924b2177d69965dff7cb98f5adca28dd4a50e844d96dadd528d1
SHA512

1fcc4fd64ca6eaeeee0be91d4bc067bed2f5e6716d05a2a74b90e702b1110d8cb81d32995ffededc0a67fc3ed725df3cad8424ddc17a33c7a040902687ab6102
SSDEEP

192:3YQ9IeQOGWJvSdDk9iMeqh6c+e0zigZIkGoskKjgEDkZ5qcL/e3Q5tfuNKA:3YQmeQLWJvlI/DvzAZDg7m39

Score

5^/10

ransomware

Malware Config

Signatures

Sets desktop wallpaper using registry 2 TTPs 1 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wallpaper.png"	razspy.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\razspy.exe
"C:\Users\Admin\AppData\Local\Temp\razspy.exe"
1⤵
- Sets desktop wallpaper using registry
PID:3672

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact