Overview

overview

10

Static

static

8

1.rar

windows7-x64

3

1.rar

windows10-2004-x64

3

Ehhbsuuemv.exe

windows7-x64

10

Ehhbsuuemv.exe

windows10-2004-x64

10

GjIEmKW.exe

windows7-x64

10

GjIEmKW.exe

windows10-2004-x64

10

Jtvcsfni.exe

windows7-x64

10

Jtvcsfni.exe

windows10-2004-x64

10

OriginalBuild.exe

windows7-x64

1

OriginalBuild.exe

windows10-2004-x64

8

PUMPED_docc.exe

windows7-x64

10

PUMPED_docc.exe

windows10-2004-x64

10

Servicing-...te.pdf

windows7-x64

1

Servicing-...te.pdf

windows10-2004-x64

1

cgu3.rar

windows7-x64

3

cgu3.rar

windows10-2004-x64

3

debt.rtf.rar

windows7-x64

3

debt.rtf.rar

windows10-2004-x64

3

eeee.dotm

windows7-x64

1

eeee.dotm

windows10-2004-x64

1

egor.dotm

windows7-x64

10

egor.dotm

windows10-2004-x64

10

errr.dotm

windows7-x64

1

errr.dotm

windows10-2004-x64

1

example.dotm

windows7-x64

10

example.dotm

windows10-2004-x64

10

fasfs.dotm

windows7-x64

10

fasfs.dotm

windows10-2004-x64

10

ferrr.dotm

windows7-x64

1

ferrr.dotm

windows10-2004-x64

1

fffffffnew.dotm

windows7-x64

10

fffffffnew.dotm

windows10-2004-x64

10

Analysis

  • max time kernel
    178s
  • max time network
    71s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    16/06/2023, 18:36

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    debt.rtf.rar

  • Size

    957B

  • MD5

    a776d916e80f88a16f578e8e3e787350

  • SHA1

    dd9bd73eb6a93cd007c936a519ec90d445f58761

  • SHA256

    4da5078a5bde869ade2cdb93d36a321d2a9996ac9ab940cac9f8516794e1705a

  • SHA512

    24264cc04ede49113f359aea23a20fa3f2c4b0f69330639d6fbcfb58ddc447bf318cc2c6a42619d2d0fd5cf95ffe839071a7e8c2a007f3419ca3a16c5d8516e3

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 2 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of SendNotifyMessage 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\debt.rtf.rar
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1964
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\debt.rtf.rar
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:576
      • C:\Program Files\VideoLAN\VLC\vlc.exe
        "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\debt.rtf.rar"
        3⤵
        • Suspicious behavior: AddClipboardFormatListener
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of SetWindowsHookEx
        PID:1652

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/1652-78-0x000000013F0E0000-0x000000013F1D8000-memory.dmp

          Filesize

          992KB

          Download

        • memory/1652-79-0x000007FEF6F40000-0x000007FEF6F74000-memory.dmp

          Filesize

          208KB

          Download

        • memory/1652-80-0x000007FEF6510000-0x000007FEF67C4000-memory.dmp

          Filesize

          2.7MB

          Download

        • memory/1652-81-0x000007FEFB380000-0x000007FEFB398000-memory.dmp

          Filesize

          96KB

          Download

        • memory/1652-82-0x000007FEF6F20000-0x000007FEF6F37000-memory.dmp

          Filesize

          92KB

          Download

        • memory/1652-83-0x000007FEF6F00000-0x000007FEF6F11000-memory.dmp

          Filesize

          68KB

          Download

        • memory/1652-84-0x000007FEF6960000-0x000007FEF6977000-memory.dmp

          Filesize

          92KB

          Download

        • memory/1652-85-0x000007FEF6940000-0x000007FEF6951000-memory.dmp

          Filesize

          68KB

          Download

        • memory/1652-86-0x000007FEF6920000-0x000007FEF693D000-memory.dmp

          Filesize

          116KB

          Download

        • memory/1652-87-0x000007FEF6900000-0x000007FEF6911000-memory.dmp

          Filesize

          68KB

          Download

        • memory/1652-88-0x000007FEF53E0000-0x000007FEF648B000-memory.dmp

          Filesize

          16.7MB

          Download

        • memory/1652-89-0x000007FEF51E0000-0x000007FEF53E0000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1652-90-0x000007FEF64D0000-0x000007FEF650F000-memory.dmp

          Filesize

          252KB

          Download

        • memory/1652-91-0x000007FEF51B0000-0x000007FEF51D1000-memory.dmp

          Filesize

          132KB

          Download

        • memory/1652-92-0x000007FEF5190000-0x000007FEF51A8000-memory.dmp

          Filesize

          96KB

          Download

        • memory/1652-93-0x000007FEF5170000-0x000007FEF5181000-memory.dmp

          Filesize

          68KB

          Download

        • memory/1652-94-0x000007FEF5150000-0x000007FEF5161000-memory.dmp

          Filesize

          68KB

          Download

        • memory/1652-95-0x000007FEF5130000-0x000007FEF5141000-memory.dmp

          Filesize

          68KB

          Download

        • memory/1652-96-0x000007FEF5110000-0x000007FEF512B000-memory.dmp

          Filesize

          108KB

          Download

        • memory/1652-97-0x000007FEF50F0000-0x000007FEF5101000-memory.dmp

          Filesize

          68KB

          Download

        • memory/1652-98-0x000007FEF50D0000-0x000007FEF50E8000-memory.dmp

          Filesize

          96KB

          Download

        • memory/1652-99-0x000007FEF50A0000-0x000007FEF50D0000-memory.dmp

          Filesize

          192KB

          Download

        • memory/1652-100-0x000007FEF5030000-0x000007FEF5097000-memory.dmp

          Filesize

          412KB

          Download

        • memory/1652-101-0x000007FEF4FC0000-0x000007FEF502F000-memory.dmp

          Filesize

          444KB

          Download

        • memory/1652-102-0x000007FEF4FA0000-0x000007FEF4FB1000-memory.dmp

          Filesize

          68KB

          Download

        • memory/1652-103-0x000007FEF4F40000-0x000007FEF4F96000-memory.dmp

          Filesize

          344KB

          Download

        • memory/1652-104-0x000007FEF4F10000-0x000007FEF4F38000-memory.dmp

          Filesize

          160KB

          Download

        • memory/1652-105-0x000007FEF4EC0000-0x000007FEF4EE4000-memory.dmp

          Filesize

          144KB

          Download

        • memory/1652-106-0x000007FEF4EA0000-0x000007FEF4EB7000-memory.dmp

          Filesize

          92KB

          Download

        • memory/1652-107-0x000007FEF4E70000-0x000007FEF4E93000-memory.dmp

          Filesize

          140KB

          Download

        • memory/1652-108-0x000007FEF4E50000-0x000007FEF4E61000-memory.dmp

          Filesize

          68KB

          Download

        • memory/1652-109-0x000007FEF4E30000-0x000007FEF4E42000-memory.dmp

          Filesize

          72KB

          Download

        • memory/1652-110-0x000007FEF4D30000-0x000007FEF4D51000-memory.dmp

          Filesize

          132KB

          Download

        • memory/1652-111-0x000007FEF4D10000-0x000007FEF4D23000-memory.dmp

          Filesize

          76KB

          Download

        • memory/1652-112-0x000007FEF4CF0000-0x000007FEF4D02000-memory.dmp

          Filesize

          72KB

          Download

        • memory/1652-113-0x000007FEF4BB0000-0x000007FEF4CEB000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1652-114-0x000007FEF4B80000-0x000007FEF4BAC000-memory.dmp

          Filesize

          176KB

          Download

        • memory/1652-115-0x000007FEF49C0000-0x000007FEF4B72000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/1652-116-0x000007FEF48C0000-0x000007FEF491C000-memory.dmp

          Filesize

          368KB

          Download

        • memory/1652-117-0x000007FEF40A0000-0x000007FEF40B1000-memory.dmp

          Filesize

          68KB

          Download

        • memory/1652-118-0x000007FEF4000000-0x000007FEF4097000-memory.dmp

          Filesize

          604KB

          Download

        • memory/1652-119-0x000007FEF3FE0000-0x000007FEF3FF2000-memory.dmp

          Filesize

          72KB

          Download

        • memory/1652-120-0x000007FEF3DA0000-0x000007FEF3FD1000-memory.dmp

          Filesize

          2.2MB

          Download

        • memory/1652-121-0x000007FEF3C80000-0x000007FEF3D92000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/1652-122-0x000007FEF3C40000-0x000007FEF3C75000-memory.dmp

          Filesize

          212KB

          Download

        • memory/1652-123-0x000007FEF3C10000-0x000007FEF3C35000-memory.dmp

          Filesize

          148KB

          Download

        • memory/1652-124-0x000007FEF3BF0000-0x000007FEF3C01000-memory.dmp

          Filesize

          68KB

          Download

        • memory/1652-125-0x000007FEF3B80000-0x000007FEF3BE1000-memory.dmp

          Filesize

          388KB

          Download

        • memory/1652-126-0x000007FEF3B60000-0x000007FEF3B71000-memory.dmp

          Filesize

          68KB

          Download

        • memory/1652-127-0x000007FEF3B40000-0x000007FEF3B52000-memory.dmp

          Filesize

          72KB

          Download

        • memory/1652-128-0x000007FEF3B20000-0x000007FEF3B33000-memory.dmp

          Filesize

          76KB

          Download

        • memory/1652-129-0x000007FEF3A80000-0x000007FEF3B1F000-memory.dmp

          Filesize

          636KB

          Download

        • memory/1652-130-0x000007FEF3A60000-0x000007FEF3A71000-memory.dmp

          Filesize

          68KB

          Download

        • memory/1652-131-0x000007FEF3950000-0x000007FEF3A52000-memory.dmp

          Filesize

          1.0MB

          Download

        • memory/1652-132-0x000007FEF3930000-0x000007FEF3941000-memory.dmp

          Filesize

          68KB

          Download

        • memory/1652-133-0x000007FEF3910000-0x000007FEF3921000-memory.dmp

          Filesize

          68KB

          Download

        • memory/1652-134-0x000007FEF38F0000-0x000007FEF3901000-memory.dmp

          Filesize

          68KB

          Download

        • memory/1652-135-0x000007FEF38D0000-0x000007FEF38E2000-memory.dmp

          Filesize

          72KB

          Download

        • memory/1652-136-0x000007FEF38B0000-0x000007FEF38C8000-memory.dmp

          Filesize

          96KB

          Download

        • memory/1652-137-0x000007FEF3890000-0x000007FEF38A6000-memory.dmp

          Filesize

          88KB

          Download

        • memory/1652-138-0x000007FEF3860000-0x000007FEF3889000-memory.dmp

          Filesize

          164KB

          Download

        • memory/1652-139-0x000007FEF3840000-0x000007FEF3852000-memory.dmp

          Filesize

          72KB

          Download

        • memory/1652-140-0x000007FEF3820000-0x000007FEF3831000-memory.dmp

          Filesize

          68KB

          Download

        • memory/1652-141-0x000007FEF3800000-0x000007FEF3811000-memory.dmp

          Filesize

          68KB

          Download