Overview

overview

10

Static

static

1

APT 37 Pre...��.hwp

windows7-x64

3

APT 37 Pre...��.hwp

windows10-2004-x64

3

APT 37 Pre...ng.rar

windows7-x64

3

APT 37 Pre...ng.rar

windows10-2004-x64

3

BookBriefing.chm

windows7-x64

10

BookBriefing.chm

windows10-2004-x64

10

APT 37 Pre...26.rar

windows7-x64

3

APT 37 Pre...26.rar

windows10-2004-x64

3

Password.chm

windows7-x64

10

Password.chm

windows10-2004-x64

10

후원내역서.pdf

windows7-x64

1

후원내역서.pdf

windows10-2004-x64

1

APT 37 Pre...CV.rar

windows7-x64

3

APT 37 Pre...CV.rar

windows10-2004-x64

3

APT 37 Pre...05.rar

windows7-x64

3

APT 37 Pre...05.rar

windows10-2004-x64

3

APT 37 Pre...ls.rar

windows7-x64

3

APT 37 Pre...ls.rar

windows10-2004-x64

3

APT 37 Pre...ts.rar

windows7-x64

3

APT 37 Pre...ts.rar

windows10-2004-x64

3

APT 37 Pre...et.rar

windows7-x64

3

APT 37 Pre...et.rar

windows10-2004-x64

3

APT 37 Pre...te.rar

windows7-x64

3

APT 37 Pre...te.rar

windows10-2004-x64

3

APT 37 Pre...��.rar

windows7-x64

3

APT 37 Pre...��.rar

windows10-2004-x64

3

APT 37 Pre...ce.rar

windows7-x64

3

APT 37 Pre...ce.rar

windows10-2004-x64

3

APT 37 Pre...nc.rar

windows7-x64

3

APT 37 Pre...nc.rar

windows10-2004-x64

3

APT 37 Pre...��.hwp

windows7-x64

3

APT 37 Pre...��.hwp

windows10-2004-x64

3

Analysis

  • max time kernel
    140s
  • max time network
    34s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    21/03/2023, 23:22

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    APT 37 Previous Commits 2/CV.rar

  • Size

    243KB

  • MD5

    353370ade2a2491c29f20f07860cf492

  • SHA1

    c4318707fabd8a008bb4ec6e8336a59397909bde

  • SHA256

    68a0f1ce34b6d0e00bc39e95c1a99da13dfee5168b37450e095455aefc90aa69

  • SHA512

    0633cd51b3167cf00c4327cb9d37eaac33ad799b627f8ecb46979b8cd9b369e9d53e88b9b5b3aecec1c9a45cbabfe41e9bcd36117920369c2c92f5902a7d7d4d

  • SSDEEP

    3072:586K3EHqZClMkySNyjGOEEoUQlTx5WfZJhevDdRx+u4tYjf30NtfXoIrL/sd:58uMTiOEEoU19eUxYjvYHzsd

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies registry class 1 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of SendNotifyMessage 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\APT 37 Previous Commits 2\CV.rar"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:856
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\APT 37 Previous Commits 2\CV.rar
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:1868
      • C:\Program Files\VideoLAN\VLC\vlc.exe
        "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\APT 37 Previous Commits 2\CV.rar"
        3⤵
        • Suspicious behavior: AddClipboardFormatListener
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of SetWindowsHookEx
        PID:1724

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/1724-78-0x000000013F8F0000-0x000000013F9E8000-memory.dmp

          Filesize

          992KB

          Download

        • memory/1724-79-0x000007FEF6B20000-0x000007FEF6B54000-memory.dmp

          Filesize

          208KB

          Download

        • memory/1724-80-0x000007FEF65C0000-0x000007FEF6874000-memory.dmp

          Filesize

          2.7MB

          Download

        • memory/1724-81-0x000007FEFB940000-0x000007FEFB958000-memory.dmp

          Filesize

          96KB

          Download

        • memory/1724-82-0x000007FEF69D0000-0x000007FEF69E7000-memory.dmp

          Filesize

          92KB

          Download

        • memory/1724-83-0x000007FEF69B0000-0x000007FEF69C1000-memory.dmp

          Filesize

          68KB

          Download

        • memory/1724-84-0x000007FEF65A0000-0x000007FEF65B7000-memory.dmp

          Filesize

          92KB

          Download

        • memory/1724-85-0x000007FEF6580000-0x000007FEF6591000-memory.dmp

          Filesize

          68KB

          Download

        • memory/1724-86-0x000007FEF6560000-0x000007FEF657D000-memory.dmp

          Filesize

          116KB

          Download

        • memory/1724-87-0x000007FEF6540000-0x000007FEF6551000-memory.dmp

          Filesize

          68KB

          Download

        • memory/1724-88-0x000007FEF5420000-0x000007FEF64CB000-memory.dmp

          Filesize

          16.7MB

          Download

        • memory/1724-89-0x000007FEF5220000-0x000007FEF5420000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1724-90-0x000007FEF51E0000-0x000007FEF521F000-memory.dmp

          Filesize

          252KB

          Download

        • memory/1724-91-0x000007FEF6510000-0x000007FEF6531000-memory.dmp

          Filesize

          132KB

          Download

        • memory/1724-92-0x000007FEF51C0000-0x000007FEF51D8000-memory.dmp

          Filesize

          96KB

          Download

        • memory/1724-93-0x000007FEF51A0000-0x000007FEF51B1000-memory.dmp

          Filesize

          68KB

          Download

        • memory/1724-94-0x000007FEF5180000-0x000007FEF5191000-memory.dmp

          Filesize

          68KB

          Download

        • memory/1724-95-0x000007FEF5160000-0x000007FEF5171000-memory.dmp

          Filesize

          68KB

          Download

        • memory/1724-96-0x000007FEF5140000-0x000007FEF515B000-memory.dmp

          Filesize

          108KB

          Download

        • memory/1724-98-0x000007FEF5100000-0x000007FEF5118000-memory.dmp

          Filesize

          96KB

          Download

        • memory/1724-97-0x000007FEF5120000-0x000007FEF5131000-memory.dmp

          Filesize

          68KB

          Download

        • memory/1724-100-0x000007FEF5060000-0x000007FEF50C7000-memory.dmp

          Filesize

          412KB

          Download

        • memory/1724-102-0x000007FEF4FD0000-0x000007FEF4FE1000-memory.dmp

          Filesize

          68KB

          Download

        • memory/1724-101-0x000007FEF4FF0000-0x000007FEF505F000-memory.dmp

          Filesize

          444KB

          Download

        • memory/1724-99-0x000007FEF50D0000-0x000007FEF5100000-memory.dmp

          Filesize

          192KB

          Download

        • memory/1724-104-0x000007FEF4F40000-0x000007FEF4F68000-memory.dmp

          Filesize

          160KB

          Download

        • memory/1724-103-0x000007FEF4F70000-0x000007FEF4FC6000-memory.dmp

          Filesize

          344KB

          Download

        • memory/1724-105-0x000007FEF4F10000-0x000007FEF4F34000-memory.dmp

          Filesize

          144KB

          Download

        • memory/1724-106-0x000007FEF4EF0000-0x000007FEF4F07000-memory.dmp

          Filesize

          92KB

          Download

        • memory/1724-110-0x000007FEF4E30000-0x000007FEF4E51000-memory.dmp

          Filesize

          132KB

          Download

        • memory/1724-112-0x000007FEF6FF0000-0x000007FEF7002000-memory.dmp

          Filesize

          72KB

          Download

        • memory/1724-114-0x000007FEF6FC0000-0x000007FEF6FEC000-memory.dmp

          Filesize

          176KB

          Download

        • memory/1724-113-0x000007FEF4CF0000-0x000007FEF4E2B000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1724-115-0x000007FEF49D0000-0x000007FEF4B82000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/1724-111-0x000007FEF7010000-0x000007FEF7023000-memory.dmp

          Filesize

          76KB

          Download

        • memory/1724-118-0x000007FEF4930000-0x000007FEF49C7000-memory.dmp

          Filesize

          604KB

          Download

        • memory/1724-119-0x000007FEF4BE0000-0x000007FEF4BF2000-memory.dmp

          Filesize

          72KB

          Download

        • memory/1724-120-0x000007FEF46F0000-0x000007FEF4921000-memory.dmp

          Filesize

          2.2MB

          Download

        • memory/1724-117-0x000007FEF4CD0000-0x000007FEF4CE1000-memory.dmp

          Filesize

          68KB

          Download

        • memory/1724-122-0x000007FEF4590000-0x000007FEF45C5000-memory.dmp

          Filesize

          212KB

          Download

        • memory/1724-124-0x000007FEF44D0000-0x000007FEF44E1000-memory.dmp

          Filesize

          68KB

          Download

        • memory/1724-123-0x000007FEF4BB0000-0x000007FEF4BD5000-memory.dmp

          Filesize

          148KB

          Download

        • memory/1724-121-0x000007FEF45D0000-0x000007FEF46E2000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/1724-126-0x000007FEF4440000-0x000007FEF4451000-memory.dmp

          Filesize

          68KB

          Download

        • memory/1724-125-0x000007FEF4460000-0x000007FEF44C1000-memory.dmp

          Filesize

          388KB

          Download

        • memory/1724-116-0x000007FEF6F60000-0x000007FEF6FBC000-memory.dmp

          Filesize

          368KB

          Download

        • memory/1724-109-0x000007FEF4E60000-0x000007FEF4E72000-memory.dmp

          Filesize

          72KB

          Download

        • memory/1724-129-0x000007FEF3CC0000-0x000007FEF3D5F000-memory.dmp

          Filesize

          636KB

          Download

        • memory/1724-131-0x000007FEF3640000-0x000007FEF3742000-memory.dmp

          Filesize

          1.0MB

          Download

        • memory/1724-133-0x000007FEF3600000-0x000007FEF3611000-memory.dmp

          Filesize

          68KB

          Download

        • memory/1724-134-0x000007FEF3570000-0x000007FEF3581000-memory.dmp

          Filesize

          68KB

          Download

        • memory/1724-132-0x000007FEF3620000-0x000007FEF3631000-memory.dmp

          Filesize

          68KB

          Download

        • memory/1724-135-0x000007FEF3550000-0x000007FEF3562000-memory.dmp

          Filesize

          72KB

          Download

        • memory/1724-137-0x000007FEF3510000-0x000007FEF3526000-memory.dmp

          Filesize

          88KB

          Download

        • memory/1724-139-0x000007FEF34C0000-0x000007FEF34D2000-memory.dmp

          Filesize

          72KB

          Download

        • memory/1724-140-0x000007FEF34A0000-0x000007FEF34B1000-memory.dmp

          Filesize

          68KB

          Download

        • memory/1724-141-0x000007FEF3480000-0x000007FEF3491000-memory.dmp

          Filesize

          68KB

          Download

        • memory/1724-138-0x000007FEF34E0000-0x000007FEF3509000-memory.dmp

          Filesize

          164KB

          Download

        • memory/1724-136-0x000007FEF3530000-0x000007FEF3548000-memory.dmp

          Filesize

          96KB

          Download

        • memory/1724-130-0x000007FEF3750000-0x000007FEF3761000-memory.dmp

          Filesize

          68KB

          Download

        • memory/1724-128-0x000007FEF3F90000-0x000007FEF3FA3000-memory.dmp

          Filesize

          76KB

          Download

        • memory/1724-127-0x000007FEF4420000-0x000007FEF4432000-memory.dmp

          Filesize

          72KB

          Download

        • memory/1724-108-0x000007FEF4EA0000-0x000007FEF4EB1000-memory.dmp

          Filesize

          68KB

          Download

        • memory/1724-107-0x000007FEF4EC0000-0x000007FEF4EE3000-memory.dmp

          Filesize

          140KB

          Download