Analysis Overview
SHA256
b4925cf89244fe0fcd7a70803c93a7890941176d8a8ed41c3bdf513335958d87
Threat Level: Likely benign
The file Trojan-Ransom.Python.ChastityLock-Archived.zip was found to be: Likely benign.
Malicious Activity Summary
One or more HTTP URLs in qr code identified
Enumerates physical storage devices
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-10-22 23:03
Signatures
One or more HTTP URLs in qr code identified
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-22 23:03
Reported
2024-10-22 23:04
Platform
win11-20241007-en
Max time kernel
10s
Command Line
Signatures
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeRestorePrivilege | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Token: 35 | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
Processes
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Trojan-Ransom.Python.ChastityLock-Archived.zip"
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-10-22 23:03
Reported
2024-10-22 23:06
Platform
win11-20240802-en
Max time kernel
139s
Max time network
142s
Command Line
Signatures
Enumerates physical storage devices
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\Archived\1.png
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 13.73.50.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.190.18.2.in-addr.arpa | udp |
Files
Analysis: behavioral3
Detonation Overview
Submitted
2024-10-22 23:03
Reported
2024-10-22 23:06
Platform
win11-20241007-en
Max time kernel
90s
Max time network
94s
Command Line
Signatures
Enumerates physical storage devices
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\Archived\2.jpg
Network
Files
Analysis: behavioral4
Detonation Overview
Submitted
2024-10-22 23:03
Reported
2024-10-22 23:06
Platform
win11-20241007-en
Max time kernel
91s
Max time network
96s
Command Line
Signatures
Enumerates physical storage devices
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\Archived\3.jpg
Network
Files
Analysis: behavioral5
Detonation Overview
Submitted
2024-10-22 23:03
Reported
2024-10-22 23:06
Platform
win11-20241007-en
Max time kernel
147s
Max time network
150s
Command Line
Signatures
Enumerates physical storage devices
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\Archived\4.jpg
Network
Files
Analysis: behavioral6
Detonation Overview
Submitted
2024-10-22 23:03
Reported
2024-10-22 23:06
Platform
win11-20241007-en
Max time kernel
92s
Max time network
95s
Command Line
Signatures
Enumerates physical storage devices
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\Archived\5.png