Overview

overview

10

Static

static

10

v2.bin(1).zip

windows10-2004-x64

1

Resubmissions

11-04-2024 17:53

240411-wgrc2agf82 10

11-04-2024 17:50

240411-weydkagf52 10

07-03-2024 21:32

240307-1d2rtafd3x 10

05-03-2024 03:22

240305-dw4ykadb7x 10

26-02-2024 08:40

240226-klbmlahd92 10

25-01-2024 23:42

240125-3p3jlaagej 10

10-10-2023 00:01

231010-aaxetahb7s 10

14-07-2023 13:07

230714-qc385seh7w 10

11-07-2023 13:35

230711-qv314aad81 10

Analysis

  • max time kernel
    34s
  • max time network
    39s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14-07-2023 13:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    v2.bin(1).zip

  • Size

    73KB

  • MD5

    620fd461cab821f478f7cce1bf06d1ac

  • SHA1

    a083516b5a275a2e9141f68a99ab4878632c5552

  • SHA256

    f442d0543f6df79be9fbaed90af2dedbcf2e4774561421763577b148a9ff8554

  • SHA512

    9ad7d4f17e156e21885c89b242430a06652ea8bdc45b22dc64f23efe8c2f6391ac5556c5e2bd14cf46d5bd8cb8dbb89f714466eef348dcb19ad16f3175dd3117

  • SSDEEP

    1536:yJrdZ1PgFel3BJmc11f0MPxwX5o2CfFGm8SXZRObA:yJJZ1cKxJm+bZGCfFjpRObA

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: AddClipboardFormatListener 2 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs

Processes

  • C:\Windows\Explorer.exe
    C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\v2.bin(1).zip
    1⤵
      PID:4700
    • C:\Windows\System32\rundll32.exe
      C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
      1⤵
        PID:1300
      • C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
        "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Documents\Are.docx" /o ""
        1⤵
        • Checks processor information in registry
        • Enumerates system info in registry
        • Suspicious behavior: AddClipboardFormatListener
        • Suspicious use of SetWindowsHookEx
        PID:5004

      Network

      MITRE ATT&CK Matrix ATT&CK v6

      Initial Access

      Execution

      Persistence

      Privilege Escalation

      Defense Evasion

      Credential Access

      Discovery

      Query Registry

      2
      T1012

      System Information Discovery

      2
      T1082

      Lateral Movement

      Collection

      Exfiltration

      Command and Control

      Impact

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/5004-133-0x00007FF7F19D0000-0x00007FF7F19E0000-memory.dmp
        Filesize

        64KB

        Download
      • memory/5004-134-0x00007FF831950000-0x00007FF831B45000-memory.dmp
        Filesize

        2.0MB

        Download
      • memory/5004-135-0x00007FF831950000-0x00007FF831B45000-memory.dmp
        Filesize

        2.0MB

        Download
      • memory/5004-137-0x00007FF7F19D0000-0x00007FF7F19E0000-memory.dmp
        Filesize

        64KB

        Download
      • memory/5004-138-0x00007FF831950000-0x00007FF831B45000-memory.dmp
        Filesize

        2.0MB

        Download
      • memory/5004-139-0x00007FF7F19D0000-0x00007FF7F19E0000-memory.dmp
        Filesize

        64KB

        Download
      • memory/5004-140-0x00007FF831950000-0x00007FF831B45000-memory.dmp
        Filesize

        2.0MB

        Download
      • memory/5004-136-0x00007FF7F19D0000-0x00007FF7F19E0000-memory.dmp
        Filesize

        64KB

        Download
      • memory/5004-141-0x00007FF7F19D0000-0x00007FF7F19E0000-memory.dmp
        Filesize

        64KB

        Download
      • memory/5004-142-0x00007FF831950000-0x00007FF831B45000-memory.dmp
        Filesize

        2.0MB

        Download
      • memory/5004-143-0x00007FF831950000-0x00007FF831B45000-memory.dmp
        Filesize

        2.0MB

        Download
      • memory/5004-144-0x00007FF831950000-0x00007FF831B45000-memory.dmp
        Filesize

        2.0MB

        Download
      • memory/5004-145-0x00007FF831950000-0x00007FF831B45000-memory.dmp
        Filesize

        2.0MB

        Download
      • memory/5004-146-0x00007FF7EF970000-0x00007FF7EF980000-memory.dmp
        Filesize

        64KB

        Download
      • memory/5004-147-0x00007FF831950000-0x00007FF831B45000-memory.dmp
        Filesize

        2.0MB

        Download
      • memory/5004-148-0x00007FF831950000-0x00007FF831B45000-memory.dmp
        Filesize

        2.0MB

        Download
      • memory/5004-150-0x00007FF831950000-0x00007FF831B45000-memory.dmp
        Filesize

        2.0MB

        Download
      • memory/5004-149-0x00007FF7EF970000-0x00007FF7EF980000-memory.dmp
        Filesize

        64KB

        Download
      • memory/5004-151-0x00007FF831950000-0x00007FF831B45000-memory.dmp
        Filesize

        2.0MB

        Download
      • memory/5004-180-0x00007FF831950000-0x00007FF831B45000-memory.dmp
        Filesize

        2.0MB

        Download
      • memory/5004-181-0x00007FF7F19D0000-0x00007FF7F19E0000-memory.dmp
        Filesize

        64KB

        Download
      • memory/5004-183-0x00007FF7F19D0000-0x00007FF7F19E0000-memory.dmp
        Filesize

        64KB

        Download
      • memory/5004-182-0x00007FF7F19D0000-0x00007FF7F19E0000-memory.dmp
        Filesize

        64KB

        Download
      • memory/5004-184-0x00007FF7F19D0000-0x00007FF7F19E0000-memory.dmp
        Filesize

        64KB

        Download
      • memory/5004-185-0x00007FF831950000-0x00007FF831B45000-memory.dmp
        Filesize

        2.0MB

        Download