Overview

overview

3

Static

static

1

CSCD339F50...54.tmp

windows7-x64

3

CSCD339F50...54.tmp

windows10-2004-x64

3

Analysis

  • max time kernel
    150s
  • max time network
    32s
  • platform
    windows7_x64
  • resource
    win7-20230220-de
  • resource tags

    arch:x64arch:x86image:win7-20230220-delocale:de-deos:windows7-x64systemwindows
  • submitted
    04-05-2023 08:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    CSCD339F509296A4EE7B99FDC2F5338B654.tmp

  • Size

    652B

  • MD5

    7be902b7adb767bd8dff060138063857

  • SHA1

    e51b3b173f0e0ad0cf7fcb47e580df51b00f73d0

  • SHA256

    f3385ac03053e71d494c9e89fb67411fcb1061b2d57d165189d11ba1f113a2ca

  • SHA512

    0b3b9b6182c8a35c2126d27f4a9a2dde2afc1c5552fb1d29858021cfed729c4340d9602fe938074527d78c265a858b4dad11781583c58d9e9f0e9ed34940157e

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 10 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\CSCD339F509296A4EE7B99FDC2F5338B654.tmp
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1212
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\CSCD339F509296A4EE7B99FDC2F5338B654.tmp
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:1680
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\CSCD339F509296A4EE7B99FDC2F5338B654.tmp"
        3⤵
        • Suspicious use of SetWindowsHookEx
        PID:1408

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads