27e88a998e03dec84b925232c7fad4095e2bb3cf6093b04fc01b2ac78af84508

Analysis

max time kernel
433s
max time network
456s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
01-02-2025 22:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Browsers/Passwords.txt
Size

4KB
MD5

cbee70c7b5aadc4fe7802175df1fc803
SHA1

b6f22141e95b8838646655294db3b2449d7c4a35
SHA256

5035a12407d280228c6c2a8b915bec154d3718e6d6f51d5698993a9e5a62caac
SHA512

ad731fb4d51b94a6a4535659a91d2921b6aeb30874bae30ba0a83c33b38fba54d150795fa939be13b6ec7140d4c7d5182c81ed4230982949cf771f9a2261bbe6
SSDEEP

96:ekMz2HbUaS92y9DQR62SqOkSTctUYPF2FsFBl2:efzCbUaS92y9DQR67qOkSItUYPcFsFBU

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings	cmd.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
460	NOTEPAD.EXE

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 5348 wrote to memory of 460	5348	cmd.exe	78
PID 5348 wrote to memory of 460	5348	cmd.exe	78

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\Browsers\Passwords.txt
1⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:5348
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Browsers\Passwords.txt
  2⤵
  - Opens file in notepad (likely ransom note)
  PID:460

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads