Overview

overview

1

Static

static

1

test.zip

windows10-2004-x64

1

test/1

windows10-2004-x64

1

Analysis

  • max time kernel
    51s
  • max time network
    53s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20-02-2023 18:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    test.zip

  • Size

    461B

  • MD5

    d2a41cdf4c6dde7328fda8b55759c57c

  • SHA1

    ba3e4fd451c6a5ff81757ea41d5d563db5773fb4

  • SHA256

    937dd187c35714e2245b4ee04bb6dfe0335c98a8b6dae4db642a479bdfe6f733

  • SHA512

    b8c993d7ced9fcca72993e1301ba3665ae3612c514a80d1bd17dd9e256726e0f6a616a516dcf313b12c2ce25c560ff70fc21e58660e6d12a02f1128c4cb2e55c

Score
1/10

Malware Config

Signatures

  • Modifies registry class 1 IoCs
  • Suspicious use of SetWindowsHookEx 23 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Windows\Explorer.exe
    C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\test.zip
    1⤵
      PID:4216
    • C:\Windows\System32\rundll32.exe
      C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
      1⤵
        PID:4784
      • C:\Windows\system32\OpenWith.exe
        C:\Windows\system32\OpenWith.exe -Embedding
        1⤵
        • Modifies registry class
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2124
        • C:\Windows\system32\NOTEPAD.EXE
          "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Documents\test\test\hello
          2⤵
            PID:2448

        Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads