Analysis

  • max time kernel
    335s
  • max time network
    345s
  • platform
    windows11-21h2_x64
  • resource
    win11-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win11-20241007-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    03-11-2024 17:54

General

  • Target

    Danger/requirements.txt

  • Size

    261B

  • MD5

    89116f1c508bfe1d69dfe6c1c3aa7c2e

  • SHA1

    d2127555fb5e4d5a9de9de23e616494d701e794d

  • SHA256

    6741a5c449f96b03e8f593746283c9fa7313c2adffb13c09eed7fbb76395ad16

  • SHA512

    62f3b3c23bb197bb21740563152415f84b4a3e3330f17fa7019a776cee7fe47fae2d991d746c00cdb29cb7bb7d5347f6ae21bdf3f6876f295edf5301a33da481

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 1 IoCs
  • Opens file in notepad (likely ransom note) 1 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\Danger\requirements.txt
    1⤵
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:1688
    • C:\Windows\system32\NOTEPAD.EXE
      "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Danger\requirements.txt
      2⤵
      • Opens file in notepad (likely ransom note)
      PID:2876

Network

MITRE ATT&CK Enterprise v15
