Analysis
-
max time kernel
151s -
max time network
34s -
platform
windows7_x64 -
resource
win7-20230220-en -
resource tags
-
submitted
26-05-2023 23:33
General
-
Target
English/English/dialog.rcf
-
Size
165.0MB
-
MD5
da274fc3bacfd0a4acd9d40b9ffb5d40
-
SHA1
6ad3395b95d33120fb32296575cc02aced6b7313
-
SHA256
4ff3745ba8bfa31c46940a69216beea8eff8c4b3f87d4aec56bad84e22c26869
-
SHA512
f528d3dc5b8a57357a5456b5113dea796c4c2dfdf9743b26cce6a7ab231cf5b4da6f470109dc167da5360e02117803a036cd04df5f4d30ea5dc117e04ad3e521
-
SSDEEP
3145728:3pTDuNgzvGVtfS3SwFyKtJUwWtBwAt13Lf7Yoy8AJSolzYv4chu:ZTugzOVaFVoDt1zYT8ApxYTu
Score
3/10
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 9 IoCs
-
Suspicious use of SetWindowsHookEx 3 IoCs
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\English\English\dialog.rcf1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\English\English\dialog.rcf2⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\English\English\dialog.rcf"3⤵
- Suspicious use of SetWindowsHookEx
-
-