Analysis

  • max time kernel
    7s
  • platform
    windows11-21h2_x64
  • resource
    win11-20241007-en
  • resource tags

    arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    03-11-2024 17:54

General

  • Target

    Danger/Data/Roblox_Gift_Card.txt

  • Size

    32B

  • MD5

    f27fb0dab023e24e4fa64696685c4be2

  • SHA1

    4107f960975c5e67908a6f9a151964d47a4284f3

  • SHA256

    553441de5aed449c3e139871c6a976b772bf19fa67796b500a73aa3a9829a10e

  • SHA512

    0ec38d1a1d5ba6762ed69841291f6452e42e40301f25fc0bbd39d2d606f965a35e7e65489405752a74eb00d2b11f8b8d799ab1804ac96bb9d0f422bc0d0934ae

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 1 IoCs
  • Opens file in notepad (likely ransom note) 1 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\Danger\Data\Roblox_Gift_Card.txt
    1⤵
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:3044
    • C:\Windows\system32\NOTEPAD.EXE
      "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Danger\Data\Roblox_Gift_Card.txt
      2⤵
      • Opens file in notepad (likely ransom note)
      PID:5420

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads