Analysis
-
max time kernel
118s -
max time network
124s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
-
submitted
21-12-2024 14:41
General
-
Target
email_marketing.sql
-
Size
29.1MB
-
MD5
4d41955699846620a6098172ab27bb82
-
SHA1
a8277b2ae601fe9fcc94bd1d6fc508979f9c2fa8
-
SHA256
3703951a8636167f838d7d20208b693d9bcaa1efb4c0422033f175ce6220662f
-
SHA512
b397b1118b53f93f39342ecf8ecd4d34328ee6b5d8878ba9a1ad81bd637f5164488b7f258d5f628b21f23b78646687e5f0e9b0a410b0941490930e26a7d2ca12
-
SSDEEP
24576:Az6Boi/XnRJQzKPKIurr9B/sA2yuC3/3h8qYWyTpkJbM:S6BP/3RJ
Score
3/10
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 1 IoCs
-
Opens file in notepad (likely ransom note) 1 IoCs
-
Suspicious use of WriteProcessMemory 6 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\email_marketing.sql1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\email_marketing.sql2⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\email_marketing.sql3⤵
- Opens file in notepad (likely ransom note)
-
-