Analysis
-
max time kernel
118s -
max time network
142s -
platform
windows7_x64 -
resource
win7-20230712-en -
resource tags
arch:x64 arch:x86 image:win7-20230712-en locale:en-us os:windows7-x64 system -
submitted
23-07-2023 10:27
Static task
static1
Behavioral task
behavioral1
Sample
Daisy.rar
Resource
win7-20230712-en
Behavioral task
behavioral2
Sample
Daisy.rar
Resource
win10v2004-20230703-en
Behavioral task
behavioral3
Sample
Daisy/7B639216.exe
Resource
win7-20230712-en
Behavioral task
behavioral4
Sample
Daisy/7B639216.exe
Resource
win10v2004-20230703-en
Behavioral task
behavioral5
Sample
Daisy/8488E511.exe
Resource
win7-20230712-en
Behavioral task
behavioral6
Sample
Daisy/8488E511.exe
Resource
win10v2004-20230703-en
Behavioral task
behavioral7
Sample
Daisy/A2D0A16E.exe
Resource
win7-20230712-en
General
-
Target
Daisy.rar
-
Size
69.9MB
-
MD5
5428032e105659f7bc89c5aa637145c8
-
SHA1
b882fda8ec20b1b3d0c2cc13cbce33a3f1072400
-
SHA256
ebbe43c09b9b33476cac458bf447ea3b815f76580f094979d1ab5f3b69120f9b
-
SHA512
769f0c238b8015fee15fb628999efb68d10f0a10b135acfb7d9d8e51df08ffff2dd658186205573abd7e1e17ae7b21696db2d91730166cc41839b0e34c0683e3
-
SSDEEP
1572864:mnaprkyUiJPqhWyJs9L947TmRs0ikQoLcJxHg/LvEwfMcGhHu3+:mnagYyJsV947SZQoLcJxyJfhyOu
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 1 IoCs
Processes:
rundll32.exe
description | ioc | process
Key created | \REGISTRY\USER\S-1-5-21-377084978-2088738870-2818360375-1000_Classes\Local Settings | rundll32.exe
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
Processes:
rundll32.exe
pid | process
2804 | rundll32.exe
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
cmd.exe
description | pid | process | target process
PID 2852 wrote to memory of 2804 | 2852 | cmd.exe | rundll32.exe
PID 2852 wrote to memory of 2804 | 2852 | cmd.exe | rundll32.exe
PID 2852 wrote to memory of 2804 | 2852 | cmd.exe | rundll32.exe
Processes
-
[1] C:\Windows\system32\cmd.exe
    Command line: cmd /c C:\Users\Admin\AppData\Local\Temp\Daisy.rar
- Suspicious use of WriteProcessMemory
-
    [2] C:\Windows\system32\rundll32.exe
        Command line: "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Daisy.rar
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
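The process tree above is the Windows "Open With" dialog, not the archive's contents running: the sandbox launched the submission with cmd /c on a .rar, the image has no file association for that extension, and the shell fell back to rundll32 shell32.dll,OpenAs_RunDLL on the same file. The WriteProcessMemory IoCs (cmd.exe writing into PID 2804) and the GetForegroundWindowSpam signature are attributed to the launcher and that dialog process, so behavioral1 says nothing about the payload; the tasks that ran the extracted executables (behavioral3 onward) are where the sample's own behaviour would appear. The helper below is an added example, not part of the sandbox's report or tooling, that flags this pattern in a process chain so it is not mistaken for detonation. The record format, the REPORT_CHAIN reconstruction of the tree above, and the second HYPOTHETICAL_CHAIN (a DLL loaded by rundll32 from a user-writable directory, the pattern that does mean execution) are constructed for the example.

```python
import ntpath
import re

# Constructed from the process tree in this report: cmd /c on the archive,
# then the shell spawning rundll32 shell32.dll,OpenAs_RunDLL (Open With dialog).
REPORT_CHAIN = [
    {"pid": 2852, "ppid": None, "image": r"C:\Windows\system32\cmd.exe",
     "cmdline": r"cmd /c C:\Users\Admin\AppData\Local\Temp\Daisy.rar"},
    {"pid": 2804, "ppid": 2852, "image": r"C:\Windows\system32\rundll32.exe",
     "cmdline": r'"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Daisy.rar'},
]

# Hypothetical chain (not from the report): rundll32 loading a DLL from a
# user-writable directory with a named export, i.e. real LOLBin execution.
HYPOTHETICAL_CHAIN = [
    {"pid": 1000, "ppid": None, "image": r"C:\Windows\system32\cmd.exe",
     "cmdline": r"cmd /c rundll32.exe C:\Users\Admin\AppData\Local\Temp\payload.dll,Start"},
    {"pid": 1004, "ppid": 1000, "image": r"C:\Windows\system32\rundll32.exe",
     "cmdline": r"rundll32.exe C:\Users\Admin\AppData\Local\Temp\payload.dll,Start"},
]

# shell32.dll,OpenAs_RunDLL <file> is what the shell runs for an unassociated file type.
OPENAS_RE = re.compile(r'shell32\.dll,\s*OpenAs_RunDLL\s+(?P<path>"[^"]+"|\S+)', re.IGNORECASE)
# rundll32 <dll>[,<export>]: capture the DLL path and the optional export name.
RUNDLL32_ARGS_RE = re.compile(r'^"?[^"]*rundll32\.exe"?\s+(?P<dll>"[^"]+"|[^,\s]+)(?:,(?P<export>\S+))?', re.IGNORECASE)


def _base(path):
    """Case-folded file name of a Windows path, tolerating surrounding quotes."""
    return ntpath.basename(path.strip('"')).lower()


def open_with_dialogs(processes, submitted):
    """PIDs of rundll32 instances that only showed the Open With dialog for the sample."""
    hits = []
    for p in processes:
        if _base(p["image"]) != "rundll32.exe":
            continue
        m = OPENAS_RE.search(p["cmdline"])
        if m and _base(m.group("path")) == submitted.lower():
            hits.append(p["pid"])
    return hits


def user_path_rundll32(processes):
    """(pid, dll, export) for rundll32 loads of DLLs outside C:\\Windows: the LOLBin pattern."""
    hits = []
    for p in processes:
        if _base(p["image"]) != "rundll32.exe":
            continue
        m = RUNDLL32_ARGS_RE.match(p["cmdline"].strip())
        if not m:
            continue
        dll = m.group("dll").strip('"')
        if not dll.lower().startswith("c:\\windows\\"):
            hits.append((p["pid"], dll, m.group("export")))
    return hits


def verdict(processes, submitted):
    """'not_detonated' when nothing ran besides the launcher and the Open With
    dialog for the submitted file; 'executed' when anything else ran."""
    dialogs = set(open_with_dialogs(processes, submitted))
    # The sandbox's own cmd.exe launcher is the root (no parent) of the tree.
    launcher = {p["pid"] for p in processes
                if _base(p["image"]) == "cmd.exe" and p["ppid"] is None}
    others = [p for p in processes if p["pid"] not in dialogs | launcher]
    if dialogs and not others:
        return "not_detonated"
    if others or user_path_rundll32(processes):
        return "executed"
    return "inconclusive"


if __name__ == "__main__":
    print("Daisy.rar:", verdict(REPORT_CHAIN, "Daisy.rar"))            # not_detonated
    print("payload.dll:", verdict(HYPOTHETICAL_CHAIN, "payload.dll"))  # executed
```

The check is deliberately narrow: it only treats an OpenAs_RunDLL dialog for the submitted file as non-execution, so a sample that itself launches rundll32 against a DLL it dropped in AppData is still reported as executed. When a sandbox run of an archive comes back like behavioral1, resubmit the extracted files or an archive type the image can open rather than reading the signatures as payload behaviour.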