Analysis
-
max time kernel
150s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20230712-en -
resource tags
-
submitted
24-07-2023 21:02
General
-
Target
dgYoooUm.au3
-
Size
751KB
-
MD5
851bdfe9ea52b59d50b8d2de086921c9
-
SHA1
5a1585479349ab9a64134ce4a3063b513aabb9ce
-
SHA256
09bf1b88716c49a62cb4ff708f7ff4f09cb7c3ff42e58661802cd66f1a2a0311
-
SHA512
9e4f76d45d9eefea10a207b53b771887064012423133d6ba04a0591abf1ac15a4b100a23df74d7a51edb86ec766ec2de4b416c7a13986fb9a8511efe1ea1162b
-
SSDEEP
12288:S7k7ag2ZA0BSemCiZUYeaFCjWuweGqJ/4QDHrii6OoM:SeD2SHeWuwItWiloM
Score
3/10
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 9 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of SetWindowsHookEx 3 IoCs
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\dgYoooUm.au31⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\dgYoooUm.au32⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\dgYoooUm.au3"3⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
3KB
MD56027015483c511a21569a3805d09f9f4
SHA1ecbd3da7eff01d59264070cbeb699042d779e08a
SHA256f906e63e02602599838f8a363609f66db2c2516e6baf3bb21f3a35cafd150165
SHA512c531f10b5e8cdb00e3289b53b78d981398951ef7cbe51f8b81bd9aca26caaebebb987ec8cf04ab8256c90f3533ac532e8cde89fca3f478a351fec9a344d599c4