Malware Analysis Report

2024-11-30 02:17

Sample ID 241103-s1h9zsybln
Target boobee.txt
SHA256 35dcb543ce32c17153d4401abc5da15d8c8db7b16d72c6e6dfe993eabcc87f86
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

35dcb543ce32c17153d4401abc5da15d8c8db7b16d72c6e6dfe993eabcc87f86

Threat Level: No (potentially) malicious behavior was detected

The file boobee.txt was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary


Opens file in notepad (likely ransom note)

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-11-03 15:35

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-03 15:35

Reported

2024-11-03 15:35

Platform

win10ltsc2021-20241023-en

Max time kernel

1s

Max time network

5s

Command Line

C:\Windows\system32\NOTEPAD.EXE C:\Users\Admin\AppData\Local\Temp\boobee.txt

Signatures

Opens file in notepad (likely ransom note)

ransomware
Description Indicator Process Target
N/A N/A C:\Windows\system32\NOTEPAD.EXE N/A

Processes

C:\Windows\system32\NOTEPAD.EXE

C:\Windows\system32\NOTEPAD.EXE C:\Users\Admin\AppData\Local\Temp\boobee.txt

Network

Country Destination Domain Proto
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 138.11.19.2.in-addr.arpa udp
US 8.8.8.8:53 14.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp

Files

N/A