Analysis

  • max time kernel
    121s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags
    arch:x64, arch:x86, image:win7-20230712-en, locale:en-us, os:windows7-x64, system
  • submitted
    06/08/2023, 05:08

General

  • Target

    TZDB.dat

  • Size

    106KB

  • MD5

    e314e9113f4ea45b7f5a8cebe4abbf6e

  • SHA1

    22b76beec008a1e7dc632511c95c4b25c3cd5a05

  • SHA256

    566a0b633337ed0de7eb3aed5c8f9da6ac9b0116e64236adb80a5a0bc5bd3323

  • SHA512

    31d84f3011f3e45db08fa9c7c17c6a47d3de1096d8c91bb6e1e2d9e2061cd41d53254fa6269d4bfeb47c1a441ce79680ec5a36d288f0c69778376c251bf2fde1

  • SSDEEP

    1536:O0EJemoJVUjBM+c3eQDyDnKZbrwHKC/////dLwfJwYjeH3LXJiaNc:OuJqdOByWbrwHLUfJ2H3LZ/u

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\TZDB.dat
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2276
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\TZDB.dat
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2916
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\TZDB.dat"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2704

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

    Filesize

    3KB

    MD5

    03b812887a3c584ff77f21d305035d8e

    SHA1

    9a8dcde3ca4e5c9841fac63b65115b4d12f8916a

    SHA256

    3a8c8fc099f91d80d78e2247c1d0356df3b952578bb471cde25a0a441f4b3119

    SHA512

    6f7c61444c903c81e8f24e28424aa6463ccd077c92a268c95a4d7f3457d68c019105156529f65d94a571091f2e6a61a6207e8f6c2403be932bbe79c8ebb14b33