Overview
overview
7Static
static
3Danger.rar
windows11-21h2-x64
7Danger/#44g.png
windows11-21h2-x64
3Danger/Danger.exe
windows11-21h2-x64
7mainer.pyc
windows11-21h2-x64
3Danger/Dat...rd.txt
windows11-21h2-x64
3Danger/Dat...ds.txt
windows11-21h2-x64
3Danger/Dat...rd.txt
windows11-21h2-x64
3Danger/Dat...ds.txt
windows11-21h2-x64
3Danger/Dat...rd.txt
windows11-21h2-x64
3Danger/launcher.bat
windows11-21h2-x64
1Danger/req...ts.txt
windows11-21h2-x64
3Analysis
-
max time kernel
335s -
max time network
345s -
platform
windows11-21h2_x64 -
resource
win11-20241007-en -
resource tags
arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system -
submitted
03-11-2024 17:54
Behavioral task
behavioral1
Sample
Danger.rar
Resource
win11-20241023-en
Behavioral task
behavioral2
Sample
Danger/#44g.png
Resource
win11-20241007-en
Behavioral task
behavioral3
Sample
Danger/Danger.exe
Resource
win11-20241007-en
Behavioral task
behavioral4
Sample
mainer.pyc
Resource
win11-20241007-en
Behavioral task
behavioral5
Sample
Danger/Data/Amazon_Gift_Card.txt
Resource
win11-20241007-en
Behavioral task
behavioral6
Sample
Danger/Data/Ebay_Cards.txt
Resource
win11-20241007-en
Behavioral task
behavioral7
Sample
Danger/Data/Fortnite_Gift_Card.txt
Resource
win11-20241007-en
Behavioral task
behavioral8
Sample
Danger/Data/Paypal_Cards.txt
Resource
win11-20241007-en
Behavioral task
behavioral9
Sample
Danger/Data/Roblox_Gift_Card.txt
Resource
win11-20241007-en
Behavioral task
behavioral10
Sample
Danger/launcher.bat
Resource
win11-20241007-en
Behavioral task
behavioral11
Sample
Danger/requirements.txt
Resource
win11-20241007-en
General
-
Target
Danger/requirements.txt
-
Size
261B
-
MD5
89116f1c508bfe1d69dfe6c1c3aa7c2e
-
SHA1
d2127555fb5e4d5a9de9de23e616494d701e794d
-
SHA256
6741a5c449f96b03e8f593746283c9fa7313c2adffb13c09eed7fbb76395ad16
-
SHA512
62f3b3c23bb197bb21740563152415f84b4a3e3330f17fa7019a776cee7fe47fae2d991d746c00cdb29cb7bb7d5347f6ae21bdf3f6876f295edf5301a33da481
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 1 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings cmd.exe -
Opens file in notepad (likely ransom note) 1 IoCs
pid Process 2876 NOTEPAD.EXE -
Suspicious use of WriteProcessMemory 2 IoCs
description pid Process procid_target PID 1688 wrote to memory of 2876 1688 cmd.exe 82 PID 1688 wrote to memory of 2876 1688 cmd.exe 82
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\Danger\requirements.txt1⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:1688 -
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Danger\requirements.txt2⤵
- Opens file in notepad (likely ransom note)
PID:2876
-