Resubmissions

22-07-2023 21:52

230722-1q75cscg21 1

22-07-2023 21:51

230722-1qwrbscg2w 1

22-07-2023 21:47

230722-1nkahscc23 1

22-07-2023 21:47

230722-1m8ayscb95 1

22-07-2023 21:46

230722-1mrcfacb86 1

22-07-2023 21:44

230722-1lzx7acf6w 3

Analysis

  • max time kernel
    143s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20230703-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    22-07-2023 21:44

General

  • Target

    forkmac.bash

  • Size

    729B

  • MD5

    fb02bec117fc83684733e49806119745

  • SHA1

    b7df5af147d3162057b77c3d221e2b34b7a7d4c5

  • SHA256

    2f3bea989da16a18dabd8461bf0e1e1b24d0edeb163988ed440888a1af6f3ac3

  • SHA512

    492d21791e07838c637a9563fa952b74319ff1c41977aa6ee697497fe4429c3e78415c50d48def49ba7789aaa17700f19104b07b229f1e47546f27cc5669cee7

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\forkmac.bash
    1⤵
    • Modifies registry class
    PID:1876
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4104

Network

MITRE ATT&CK Enterprise v15
