Analysis

  • max time kernel
    150s
  • max time network
    37s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags
    arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
  • submitted
    21-06-2023 11:25

General

  • Target

    carLambo/VQZSJWtbIIIWStAmVeEzG.class

  • Size

    379B

  • MD5

    a4e2d16c78c7dbd4a1fc0a970f011ff6

  • SHA1

    382b68d45b848eefeb0cf4156abcba264456739a

  • SHA256

    18950aa0fefcfa7b437208ecbc3cd903fca1b9534314a86a3d9a63cb68e152fe

  • SHA512

    12a500d28c0f0ae69f19316766bb26727bc105a2f5489df14c3d5cc5f80f055e498de667fec6a1859b1b7973e723ee8650b2446c60bf9c27222648d206e3ceb1

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\carLambo\VQZSJWtbIIIWStAmVeEzG.class
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2032
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\carLambo\VQZSJWtbIIIWStAmVeEzG.class
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:1716
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\carLambo\VQZSJWtbIIIWStAmVeEzG.class"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:1732

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

    Filesize

    3KB

    MD5

    495b6e01bd5cffab18a6c2e1bc3a27e1

    SHA1

    7d5c774d68b351c5f45698c25fe687bdcbb30403

    SHA256

    87f021f90e8d3c795d4c7c6c317705a102cd085809cbf402178ec8dd3ff9a914

    SHA512

    29212b488e703e0ddd36679e548e5aa8e11856deedbf5341ba82dc3d1b1bdf0ceda546bfea0157cfca4da6d20ccb168ce416ac7973457f760395e30ad7b041fd