Overview

overview

3

Static

static

1

AIDA64.rar

windows7-x64

3

AIDA64.rar

windows10-2004-x64

3

Analysis

  • max time kernel
    127s
  • max time network
    56s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    11-02-2023 04:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    AIDA64.rar

  • Size

    12.0MB

  • MD5

    5d2f0464db1a5fb3bd7c22e6d66d0ba5

  • SHA1

    4cc58c0b42d62e9ea8ea85c2c556b48c271216d7

  • SHA256

    4f0c6aed9b8128a42f877c1e3449691c0693626a8bc280d7b88dec69b75e077e

  • SHA512

    21263259f25e2996dd96c73509a4e0c19c3044a34fdc2c53698e6b43a06b892bc3cab9437de10b929eff9f3411d7e72a7d91de0ed7378dbbe04c33c79157449d

  • SSDEEP

    393216:4oI445DfU49EhG/xjg1e8aTR3uosAlQJvveWaVu1CURs0:fUUeEM5Ye5R3hsNJt/Rs0

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies registry class 2 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 16 IoCs
  • Suspicious use of SendNotifyMessage 15 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\AIDA64.rar
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:240
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\AIDA64.rar
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:880
      • C:\Program Files\VideoLAN\VLC\vlc.exe
        "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\AIDA64.rar"
        3⤵
        • Suspicious behavior: AddClipboardFormatListener
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of SetWindowsHookEx
        PID:468

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/240-54-0x000007FEFB6D1000-0x000007FEFB6D3000-memory.dmp

    Filesize

    8KB

    Download