Analysis
max time kernel: 94s
max time network: 135s
platform: windows10-2004_x64
resource: win10v2004-20241007-en
resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
submitted: 21-11-2024 22:31
Static task: static1
Behavioral task: behavioral1
  Sample: 976e459097d02ba60e08c872cd4e997b8ffde163a3bd7bb4abef17d455b62ed8.iso
  Resource: win7-20240708-en
Behavioral task: behavioral2
  Sample: 976e459097d02ba60e08c872cd4e997b8ffde163a3bd7bb4abef17d455b62ed8.iso
  Resource: win10v2004-20241007-en
Behavioral task: behavioral3
  Sample: Revised Invoice #03252022.vbs
  Resource: win7-20240903-en
Behavioral task: behavioral4
  Sample: Revised Invoice #03252022.vbs
  Resource: win10v2004-20241007-en
General
Target: 976e459097d02ba60e08c872cd4e997b8ffde163a3bd7bb4abef17d455b62ed8.iso
Size: 54KB
MD5: 49e864fe28310b2adc782a975aaa5b67
SHA1: 82a9e71eccabf7675a333b9f4fdc99a85634bfbc
SHA256: 976e459097d02ba60e08c872cd4e997b8ffde163a3bd7bb4abef17d455b62ed8
SHA512: 381a1f47fe57a996fbaa56ee1b43b8260f7d3bbc9346be68114fe7977b283d0aa2d340291745d2683ca45a0e3232efbe644a5539f3756c28b24ba36cf63857ad
SSDEEP: 48:5Au412WV1OS11DJ1OS11Dn2nI25P1ZQOAQUt:5cp1np1gI2F1u/L
Malware Config
Signatures
Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).
Modifies registry class (1 IoCs)
  description | ioc | Process
  Key created | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings | cmd.exe
Suspicious use of AdjustPrivilegeToken (2 IoCs)
  description | pid | Process
  Token: SeManageVolumePrivilege | 1588 | cmd.exe
  Token: SeManageVolumePrivilege | 1588 | cmd.exe