Analysis
-
max time kernel
149s -
max time network
34s -
platform
windows7_x64 -
resource
win7-20230220-en -
resource tags
-
submitted
21-04-2023 15:54
General
-
Target
Server.exe
-
Size
30KB
-
MD5
e90e802ff8697b809263ff71ad5e137a
-
SHA1
d1dd68039fe3ce0227248cd3fd294dd36c54fd62
-
SHA256
965fc07bb917ca4a4ef194a24ea0770e325ad0a525c7bc91db9e03eeb4a08e0f
-
SHA512
fc2dba32f61c8fa3c479f20bbca351d538cdc20f78084be6b06a83b1af34c9a9092fd8abec10801858519ee2ad7e1dc0708c732464dee41d632092107f848430
-
SSDEEP
384:5Ap/heiHOZMvLZPR6Vb9iETcEaoA/vOCVN8pSIw39q0rDP2kMK6KUkyoseNegUT6:S33TZPR6V8os/vO3oDJ0pGNo6Ym
Score
3/10
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 2 IoCs
-
Suspicious use of SetWindowsHookEx 3 IoCs
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp\Server.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\apps2⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\apps"3⤵
- Suspicious use of SetWindowsHookEx
-
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
30KB
MD5e90e802ff8697b809263ff71ad5e137a
SHA1d1dd68039fe3ce0227248cd3fd294dd36c54fd62
SHA256965fc07bb917ca4a4ef194a24ea0770e325ad0a525c7bc91db9e03eeb4a08e0f
SHA512fc2dba32f61c8fa3c479f20bbca351d538cdc20f78084be6b06a83b1af34c9a9092fd8abec10801858519ee2ad7e1dc0708c732464dee41d632092107f848430
-
Filesize
56KB
-
Filesize
512KB