Overview

overview

3

Static

static

3

a98a9c1c92...67.exe

windows7-x64

3

a98a9c1c92...67.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    150s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
  • submitted
    25-08-2023 01:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a98a9c1c9227dfb169c7a0eaac6c4fdd4970c7450ee071912c5a2aaafebe3167.exe

  • Size

    293KB

  • MD5

    90ecd0476f5ae238b63384c09c16ae1b

  • SHA1

    7d80512583eb56a0e752e6779f906ba0a038a2b5

  • SHA256

    a98a9c1c9227dfb169c7a0eaac6c4fdd4970c7450ee071912c5a2aaafebe3167

  • SHA512

    8fe68b6f84a58d9797aae2dd99680b95334db3ca60b652bc0f477d3d3a37206fa3150ef4a997cec1767567558f0d0a12cac9d85de397ca9c3a3a51f286f9de47

  • SSDEEP

    6144:gTouKrWBEu3/Z2lpGDHU3ykJ/nGkQ/i5r:gToPWBv/cpGrU3yKGkUi5r

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a98a9c1c9227dfb169c7a0eaac6c4fdd4970c7450ee071912c5a2aaafebe3167.exe
    "C:\Users\Admin\AppData\Local\Temp\a98a9c1c9227dfb169c7a0eaac6c4fdd4970c7450ee071912c5a2aaafebe3167.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2228
    • C:\Windows\SysWOW64\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\t\Coisas Inúteis.py
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2236
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\t\Coisas Inúteis.py"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2200

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\t\Coisas Inúteis.py
    Filesize

    711B

    MD5

    2b1eddac83dd8a697c277da8c64ea0ac

    SHA1

    616731a381daf986e0e55b949995017e8e978346

    SHA256

    e4121854c1acd7e7f8ee032a269a715af31470e270a631d5d37cce4cebbbb2ad

    SHA512

    e3010144cbb89e90f28d6e1d6345761da5bb918d20702c3df0aa8381e9aae2c715d4cf0a42436a95b89cc2aef67a035d91bf007585179170892eeb3ecbc85dae

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
    Filesize

    3KB

    MD5

    8a35aaf44864f8a089e20cfcdbebec5d

    SHA1

    7d299aa3f451cbd223614db9c07de6f8147d137e

    SHA256

    565b8ae934a348cb61934fcf4bbd40a61762b1e8ad9e4d7845b9cfbfd9604d7d

    SHA512

    1a2e1972c4c789c0bc7823636f21cbfed3620c4412af25ea7596ad4b751560ab026b5acf7e6e5ed3446bb26e1018d09f2cef546dd1922d635e3afa11f69121fa

    Download Submit