Overview

overview

7

Static

static

3

dsa.rar

windows10-2004-x64

3

Best Insta...deploy

windows10-2004-x64

3

Best Insta...cation

windows10-2004-x64

1

Best Insta....1.exe

windows10-2004-x64

1

Best Insta...nifest

windows10-2004-x64

3

Best Insta...up.exe

windows10-2004-x64

7

Best Insta...deploy

windows10-2004-x64

3

Best Insta...cation

windows10-2004-x64

1

Best Insta....1.exe

windows10-2004-x64

1

Best Insta...nifest

windows10-2004-x64

3

Best Insta...cation

windows10-2004-x64

1

Best Insta...ip.dll

windows10-2004-x64

1

Best Insta...CE.zip

windows10-2004-x64

1

Best Insta...er.exe

windows10-2004-x64

7

Best Insta...st.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    135s
  • max time network
    146s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27-05-2023 18:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Best Instagram Bot 4.1/Application Files/98p.ico.deploy

  • Size

    87KB

  • MD5

    a098b32ebc940d092779e2e488036d68

  • SHA1

    d4c85bbdc0b22e4013d7b46b79ce63234a29ee07

  • SHA256

    4ac78ea8f26fcb0ce273e96be03018a73390efefe00a37480f9371712be072c3

  • SHA512

    6dbd7507fa4bf5859b37f0a5b23dc93786251a42ce7cb41d8bb6d315cd364c6efa52a053c09fc7011042f23e77c2e6d8cb7672d47c1429d625325c7c2c4bc5e7

  • SSDEEP

    1536:f+sskTN6tT58MkdHMAJy2haS1i+SbNIGjgnIbuI/kqy+p:WiSTxkNM8hahbNIG0It/kqyG

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 2 IoCs
  • Suspicious use of SetWindowsHookEx 17 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\Best Instagram Bot 4.1\Application Files\98p.ico.deploy"
    1⤵
    • Modifies registry class
    PID:4996
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1544
    • C:\Windows\system32\NOTEPAD.EXE
      "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Best Instagram Bot 4.1\Application Files\98p.ico.deploy
      2⤵
        PID:3296

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads