Malware Analysis Report

2024-11-30 02:34

Sample ID 241007-t1gxlatfrf
Target rhada_pwsh.txt
SHA256 88cb7c954db8b07a3c50405f106a13327811a476b8640b8c04a2b2952fcee84d
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

88cb7c954db8b07a3c50405f106a13327811a476b8640b8c04a2b2952fcee84d

Threat Level: No (potentially) malicious behavior was detected

The file rhada_pwsh.txt was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary


Opens file in notepad (likely ransom note)

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-10-07 16:31

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-07 16:31

Reported

2024-10-07 21:48

Platform

win10v2004-20241007-en

Max time kernel

95s

Max time network

126s

Command Line

C:\Windows\system32\NOTEPAD.EXE C:\Users\Admin\AppData\Local\Temp\rhada_pwsh.txt

Signatures

Opens file in notepad (likely ransom note)

ransomware
Description Indicator Process Target
N/A N/A C:\Windows\system32\NOTEPAD.EXE N/A

Processes

C:\Windows\system32\NOTEPAD.EXE

C:\Windows\system32\NOTEPAD.EXE C:\Users\Admin\AppData\Local\Temp\rhada_pwsh.txt

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 150.171.28.10:443 g.bing.com tcp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 68.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 10.28.171.150.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 30.243.111.52.in-addr.arpa udp

Files

N/A