Overview

overview

3

Static

static

1

ACMobile.U...0.appx

windows7-x64

ACMobile.U...0.appx

windows10-2004-x64

ACMobile.U...6.appx

windows7-x64

ACMobile.U...6.appx

windows10-2004-x64

AppxSignature.p7x

windows7-x64

3

AppxSignature.p7x

windows10-2004-x64

3

ACMobile.U...ge.ps1

windows7-x64

1

ACMobile.U...ge.ps1

windows10-2004-x64

1

Resubmissions

21/04/2023, 18:11

230421-wslxpahc47 3

21/04/2023, 17:23

230421-vylnfaha68 3

21/04/2023, 17:21

230421-vxcddaha62 1

Analysis

  • max time kernel
    61s
  • max time network
    129s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21/04/2023, 18:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    AppxSignature.p7x

  • Size

    1KB

  • MD5

    ff363a8643bf14f5880c92ebabe873bf

  • SHA1

    5900c9eadb831d0555ea26a77d988e60be49fd51

  • SHA256

    4ab1dbae2e034cae492e3345d619d5b86e99db02b9b251b19f6f0f5f1dc54f7d

  • SHA512

    906db6e23b159832d30d278c92b78fdb16df9d85a42fa6ffb14a7f059c7dfc13f83119013f44f8bcbff6027f2a40903bacc0ca5d6fa8b5b2864328bfefa75e04

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\AppxSignature.p7x
    1⤵
    • Modifies registry class
    PID:4472
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:788

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads