Overview

overview

10

Static

static

3

Book_A4_PDF.rar

windows7-x64

3

Book_A4_PDF.rar

windows10-2004-x64

3

book_532859.exe

windows7-x64

10

book_532859.exe

windows10-2004-x64

10

lang/de/MI...ES.dll

windows7-x64

1

lang/de/MI...ES.dll

windows10-2004-x64

1

lang/de/MI...ES.dll

windows7-x64

1

lang/de/MI...ES.dll

windows10-2004-x64

1

lang/de/MI...ES.dll

windows7-x64

1

lang/de/MI...ES.dll

windows10-2004-x64

1

lang/de/MI...ES.dll

windows7-x64

1

lang/de/MI...ES.dll

windows10-2004-x64

1

lang/de/MI...ES.dll

windows7-x64

1

lang/de/MI...ES.dll

windows10-2004-x64

1

lang/de/MI...ES.dll

windows7-x64

1

lang/de/MI...ES.dll

windows10-2004-x64

1

lang/de/MI...ES.dll

windows7-x64

1

lang/de/MI...ES.dll

windows10-2004-x64

1

lang/de/MI...ES.dll

windows7-x64

1

lang/de/MI...ES.dll

windows10-2004-x64

1

lang/de/MI...ES.dll

windows7-x64

1

lang/de/MI...ES.dll

windows10-2004-x64

1

lang/de/MI...ES.dll

windows7-x64

1

lang/de/MI...ES.dll

windows10-2004-x64

1

lang/de/MI...ES.dll

windows7-x64

1

lang/de/MI...ES.dll

windows10-2004-x64

1

lang/de/MI...ES.dll

windows7-x64

1

lang/de/MI...ES.dll

windows10-2004-x64

1

lang/de/MI...ES.dll

windows7-x64

1

lang/de/MI...ES.dll

windows10-2004-x64

1

lang/de/MI...ES.dll

windows7-x64

1

lang/de/MI...ES.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    148s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
  • submitted
    16-08-2023 07:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Book_A4_PDF.rar

  • Size

    18.9MB

  • MD5

    0d3281406514b68d76d91e04012d0975

  • SHA1

    e7b0cc8cb6488979652e94e240883aec8e6f8326

  • SHA256

    f1bff435d395515d6905b6e379eaefd63e38bb50c327b82c48e3d382039ae0db

  • SHA512

    bbaa240c4adbe6634349a59ad8cdd4f0bff35a6a5557e5287ba59c74b06bad856046761b17b4b21690c71f61244d5a1ef0dc6e98704aa43c45adfc9a84f75b24

  • SSDEEP

    393216:JmxaQ0TVATIelVjep4b0xu28eAiCYiJVFHUV0Y9lrwKzoKb3Bf:YD0TrelpepW0xu28ei/7CKY9B1B7Bf

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 1 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 9 IoCs
  • Suspicious use of SendNotifyMessage 8 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\Book_A4_PDF.rar
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2568
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Book_A4_PDF.rar
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:1968
      • C:\Program Files\VideoLAN\VLC\vlc.exe
        "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\Book_A4_PDF.rar"
        3⤵
        • Suspicious behavior: AddClipboardFormatListener
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of SetWindowsHookEx
        PID:1156

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1156-77-0x000000013F080000-0x000000013F178000-memory.dmp

    Filesize

    992KB

    Download

  • memory/1156-78-0x000007FEF6E60000-0x000007FEF6E94000-memory.dmp

    Filesize

    208KB

    Download

  • memory/1156-79-0x000007FEF5FA0000-0x000007FEF6254000-memory.dmp

    Filesize

    2.7MB

    Download

  • memory/1156-80-0x000007FEF7C00000-0x000007FEF7C18000-memory.dmp

    Filesize

    96KB

    Download

  • memory/1156-81-0x000007FEF6D10000-0x000007FEF6D27000-memory.dmp

    Filesize

    92KB

    Download

  • memory/1156-83-0x000007FEF68F0000-0x000007FEF6907000-memory.dmp

    Filesize

    92KB

    Download

  • memory/1156-82-0x000007FEF6910000-0x000007FEF6921000-memory.dmp

    Filesize

    68KB

    Download

  • memory/1156-84-0x000007FEF6760000-0x000007FEF6771000-memory.dmp

    Filesize

    68KB

    Download

  • memory/1156-85-0x000007FEF65F0000-0x000007FEF660D000-memory.dmp

    Filesize

    116KB

    Download

  • memory/1156-86-0x000007FEF65D0000-0x000007FEF65E1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/1156-87-0x000007FEF5320000-0x000007FEF5520000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/1156-88-0x000007FEF52E0000-0x000007FEF531F000-memory.dmp

    Filesize

    252KB

    Download

  • memory/1156-89-0x000007FEF4230000-0x000007FEF52DB000-memory.dmp

    Filesize

    16.7MB

    Download

  • memory/1156-90-0x000007FEF4200000-0x000007FEF4221000-memory.dmp

    Filesize

    132KB

    Download

  • memory/1156-91-0x000007FEF41E0000-0x000007FEF41F8000-memory.dmp

    Filesize

    96KB

    Download

  • memory/1156-92-0x000007FEF41C0000-0x000007FEF41D1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/1156-93-0x000007FEF41A0000-0x000007FEF41B1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/1156-94-0x000007FEF4180000-0x000007FEF4191000-memory.dmp

    Filesize

    68KB

    Download

  • memory/1156-96-0x000007FEF4140000-0x000007FEF4151000-memory.dmp

    Filesize

    68KB

    Download

  • memory/1156-95-0x000007FEF4160000-0x000007FEF417B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/1156-97-0x000007FEF4120000-0x000007FEF4138000-memory.dmp

    Filesize

    96KB

    Download

  • memory/1156-98-0x000007FEF40F0000-0x000007FEF4120000-memory.dmp

    Filesize

    192KB

    Download

  • memory/1156-99-0x000007FEF4080000-0x000007FEF40E7000-memory.dmp

    Filesize

    412KB

    Download

  • memory/1156-100-0x000007FEF4010000-0x000007FEF407F000-memory.dmp

    Filesize

    444KB

    Download

  • memory/1156-101-0x000007FEF3FF0000-0x000007FEF4001000-memory.dmp

    Filesize

    68KB

    Download

  • memory/1156-102-0x000007FEF3F90000-0x000007FEF3FE6000-memory.dmp

    Filesize

    344KB

    Download

  • memory/1156-103-0x000007FEF5F70000-0x000007FEF5F98000-memory.dmp

    Filesize

    160KB

    Download

  • memory/1156-104-0x000007FEF5F10000-0x000007FEF5F34000-memory.dmp

    Filesize

    144KB

    Download

  • memory/1156-105-0x000007FEF5EF0000-0x000007FEF5F07000-memory.dmp

    Filesize

    92KB

    Download

  • memory/1156-106-0x000007FEF5EC0000-0x000007FEF5EE3000-memory.dmp

    Filesize

    140KB

    Download

  • memory/1156-107-0x000007FEF5EA0000-0x000007FEF5EB1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/1156-108-0x000007FEF5E80000-0x000007FEF5E92000-memory.dmp

    Filesize

    72KB

    Download

  • memory/1156-109-0x000007FEF5E50000-0x000007FEF5E71000-memory.dmp

    Filesize

    132KB

    Download

  • memory/1156-110-0x000007FEF5E30000-0x000007FEF5E43000-memory.dmp

    Filesize

    76KB

    Download

  • memory/1156-111-0x000007FEF5E10000-0x000007FEF5E22000-memory.dmp

    Filesize

    72KB

    Download

  • memory/1156-112-0x000007FEF5CD0000-0x000007FEF5E0B000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/1156-113-0x000007FEF5CA0000-0x000007FEF5CCC000-memory.dmp

    Filesize

    176KB

    Download

  • memory/1156-114-0x000007FEF3DD0000-0x000007FEF3F82000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/1156-127-0x000007FEF4230000-0x000007FEF52DB000-memory.dmp

    Filesize

    16.7MB

    Download