cecc051a6568f2e60daa72a70d81b69c0e929f11503f28904b3204ecd38a7111

Resubmissions

20/04/2025, 09:15

250420-k8b7mstlz9 10

20/04/2025, 09:09

250420-k4v4ystlt6 4

Analysis

max time kernel
216s
max time network
298s
platform
windows11-21h2_x64
resource
win11-20250410-en
resource tags

arch:x64arch:x86image:win11-20250410-enlocale:en-usos:windows11-21h2-x64system
submitted
20/04/2025, 09:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

data/brotli/LICENSE.txt
Size

1KB
MD5

941ee9cd1609382f946352712a319b4b
SHA1

c045813a6c514f2d30d60a07c6aaf3603850e608
SHA256

3d180008e36922a4e8daec11c34c7af264fed5962d07924aea928c38e8663c94
SHA512

bae78184c2f50f86d8c727826d3982c469454c42b9af81f4ef007e39036434fa894cf5be3bf5fc65b7de2301f0a72d067a8186e303327db8a96bd14867e0a3a8

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4144164418-4152157973-2926181071-1000_Classes\Local Settings	cmd.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
3276	NOTEPAD.EXE

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 2204 wrote to memory of 3276	2204	cmd.exe	79
PID 2204 wrote to memory of 3276	2204	cmd.exe	79

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\data\brotli\LICENSE.txt
1⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:2204
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\data\brotli\LICENSE.txt
  2⤵
  - Opens file in notepad (likely ransom note)
  PID:3276

Network

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v16

Replay Monitor

Loading Replay Monitor...

Downloads