Overview

overview

8

Static

static

1

Geradores_3.rar

windows7-x64

3

Geradores_3.rar

windows10-2004-x64

8

Analysis

  • max time kernel
    288s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
  • submitted
    18-08-2023 00:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Geradores_3.rar

  • Size

    8.1MB

  • MD5

    a48a1c5ca604125a30968cabf9389717

  • SHA1

    f9a43bef80f1c4093fb268f45c2abe0e992562a2

  • SHA256

    c7e6d3cc1d08a1554f05165849fd51053471da4fd14e6bae6e1eba74cecc7643

  • SHA512

    f27df657ecaf3ff73af8c13fb335777656f859ea2b119aa63c7d3f7254b39d66acf13ecc6fbf0b1e245f61bdd567647a90a45cc9e5c4bb07a6652278f1a4a0b8

  • SSDEEP

    196608:YX1aUva4eAiCIjNxO6jn838PB9+PM26BtWdS:W9VJ8y+n8yB9t/WdS

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 1 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of SendNotifyMessage 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\Geradores_3.rar
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2552
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Geradores_3.rar
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:296
      • C:\Program Files\VideoLAN\VLC\vlc.exe
        "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\Geradores_3.rar"
        3⤵
        • Suspicious behavior: AddClipboardFormatListener
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of SetWindowsHookEx
        PID:2460

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2460-78-0x000000013FF60000-0x0000000140058000-memory.dmp

    Filesize

    992KB

    Download

  • memory/2460-79-0x000007FEFB3C0000-0x000007FEFB3F4000-memory.dmp

    Filesize

    208KB

    Download

  • memory/2460-80-0x000007FEF6440000-0x000007FEF66F4000-memory.dmp

    Filesize

    2.7MB

    Download

  • memory/2460-81-0x000007FEFBFB0000-0x000007FEFBFC8000-memory.dmp

    Filesize

    96KB

    Download

  • memory/2460-82-0x000007FEFB3A0000-0x000007FEFB3B7000-memory.dmp

    Filesize

    92KB

    Download

  • memory/2460-83-0x000007FEF7E50000-0x000007FEF7E61000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2460-84-0x000007FEF7DA0000-0x000007FEF7DB7000-memory.dmp

    Filesize

    92KB

    Download

  • memory/2460-85-0x000007FEF7D80000-0x000007FEF7D91000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2460-86-0x000007FEF7D60000-0x000007FEF7D7D000-memory.dmp

    Filesize

    116KB

    Download

  • memory/2460-87-0x000007FEF7CC0000-0x000007FEF7CD1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2460-88-0x000007FEF6240000-0x000007FEF6440000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2460-89-0x000007FEF7C80000-0x000007FEF7CBF000-memory.dmp

    Filesize

    252KB

    Download

  • memory/2460-90-0x000007FEF4BD0000-0x000007FEF5C7B000-memory.dmp

    Filesize

    16.7MB

    Download

  • memory/2460-91-0x000007FEF75A0000-0x000007FEF75C1000-memory.dmp

    Filesize

    132KB

    Download

  • memory/2460-92-0x000007FEF6A90000-0x000007FEF6AA8000-memory.dmp

    Filesize

    96KB

    Download

  • memory/2460-93-0x000007FEF6A70000-0x000007FEF6A81000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2460-96-0x000007FEF46D0000-0x000007FEF46EB000-memory.dmp

    Filesize

    108KB

    Download

  • memory/2460-95-0x000007FEF46F0000-0x000007FEF4701000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2460-94-0x000007FEF4710000-0x000007FEF4721000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2460-97-0x000007FEF46B0000-0x000007FEF46C1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2460-98-0x000007FEF4690000-0x000007FEF46A8000-memory.dmp

    Filesize

    96KB

    Download

  • memory/2460-99-0x000007FEF4660000-0x000007FEF4690000-memory.dmp

    Filesize

    192KB

    Download

  • memory/2460-100-0x000007FEF4580000-0x000007FEF45E7000-memory.dmp

    Filesize

    412KB

    Download

  • memory/2460-101-0x000007FEF4510000-0x000007FEF457F000-memory.dmp

    Filesize

    444KB

    Download

  • memory/2460-102-0x000007FEF44F0000-0x000007FEF4501000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2460-103-0x000007FEF4490000-0x000007FEF44E6000-memory.dmp

    Filesize

    344KB

    Download

  • memory/2460-104-0x000007FEF4460000-0x000007FEF4488000-memory.dmp

    Filesize

    160KB

    Download

  • memory/2460-105-0x000007FEF4430000-0x000007FEF4454000-memory.dmp

    Filesize

    144KB

    Download

  • memory/2460-106-0x000007FEF4410000-0x000007FEF4427000-memory.dmp

    Filesize

    92KB

    Download

  • memory/2460-107-0x000007FEF41E0000-0x000007FEF4203000-memory.dmp

    Filesize

    140KB

    Download

  • memory/2460-108-0x000007FEF43F0000-0x000007FEF4401000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2460-109-0x000007FEF43D0000-0x000007FEF43E2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/2460-110-0x000007FEF43A0000-0x000007FEF43C1000-memory.dmp

    Filesize

    132KB

    Download

  • memory/2460-111-0x000007FEF4380000-0x000007FEF4393000-memory.dmp

    Filesize

    76KB

    Download

  • memory/2460-112-0x000007FEF4360000-0x000007FEF4372000-memory.dmp

    Filesize

    72KB

    Download

  • memory/2460-113-0x000007FEF4220000-0x000007FEF435B000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/2460-114-0x000007FEF41B0000-0x000007FEF41DC000-memory.dmp

    Filesize

    176KB

    Download

  • memory/2460-115-0x000007FEF3FF0000-0x000007FEF41A2000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/2460-116-0x000007FEF3F90000-0x000007FEF3FEC000-memory.dmp

    Filesize

    368KB

    Download

  • memory/2460-117-0x000007FEF3F70000-0x000007FEF3F81000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2460-118-0x000007FEF3ED0000-0x000007FEF3F67000-memory.dmp

    Filesize

    604KB

    Download

  • memory/2460-119-0x000007FEF3EB0000-0x000007FEF3EC2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/2460-120-0x000007FEF3C70000-0x000007FEF3EA1000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/2460-121-0x000007FEF3B50000-0x000007FEF3C62000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2460-122-0x000007FEF3B10000-0x000007FEF3B45000-memory.dmp

    Filesize

    212KB

    Download

  • memory/2460-123-0x000007FEF3AE0000-0x000007FEF3B05000-memory.dmp

    Filesize

    148KB

    Download

  • memory/2460-124-0x000007FEF3AC0000-0x000007FEF3AD1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2460-125-0x000007FEF3A50000-0x000007FEF3AB1000-memory.dmp

    Filesize

    388KB

    Download

  • memory/2460-126-0x000007FEF3A30000-0x000007FEF3A41000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2460-127-0x000007FEF3A10000-0x000007FEF3A22000-memory.dmp

    Filesize

    72KB

    Download

  • memory/2460-128-0x000007FEF39F0000-0x000007FEF3A03000-memory.dmp

    Filesize

    76KB

    Download

  • memory/2460-130-0x000007FEF36E0000-0x000007FEF36F1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2460-129-0x000007FEF3700000-0x000007FEF379F000-memory.dmp

    Filesize

    636KB

    Download

  • memory/2460-131-0x000007FEF35D0000-0x000007FEF36D2000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/2460-132-0x000007FEF35B0000-0x000007FEF35C1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2460-133-0x000007FEF3590000-0x000007FEF35A1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2460-134-0x000007FEF3570000-0x000007FEF3581000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2460-135-0x000007FEF3550000-0x000007FEF3562000-memory.dmp

    Filesize

    72KB

    Download

  • memory/2460-136-0x000007FEF3530000-0x000007FEF3548000-memory.dmp

    Filesize

    96KB

    Download

  • memory/2460-137-0x000007FEF3510000-0x000007FEF3526000-memory.dmp

    Filesize

    88KB

    Download

  • memory/2460-138-0x000007FEF34E0000-0x000007FEF3509000-memory.dmp

    Filesize

    164KB

    Download

  • memory/2460-139-0x000007FEF34C0000-0x000007FEF34D2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/2460-140-0x000007FEF3260000-0x000007FEF3271000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2460-141-0x000007FEF3240000-0x000007FEF3251000-memory.dmp

    Filesize

    68KB

    Download