Analysis
-
max time kernel
14s -
max time network
19s -
platform
windows7_x64 -
resource
win7-20230712-en -
resource tags
-
submitted
29-08-2023 00:52
General
-
Target
data.win
-
Size
53.5MB
-
MD5
eabc4f7d415692a933ea0691ffd08d08
-
SHA1
5dabb41a12330cf424eac9dd81cf3d3027678f71
-
SHA256
48e035381b0324d30b35f5b6289b98794389c9363de3d974252b18d958a5b767
-
SHA512
a91f76a5a521056ad10cf5a041de1e84ea100f81c9b2997a1cd656b597a803060b7a67186462f853a0098f9e59b9be834048950f0134a4b0bf18adf20db8233c
-
SSDEEP
1572864:lH5+/hZejfE8KDWYk5YGIeyZ1fxFITJ1h6E1:5io5YGkV7y7Z
Score
3/10
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 9 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\data.win1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\data.win2⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\data.win"3⤵
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
3KB
MD51b3b52dd161bc6a0df8273b9bc0e84a6
SHA1a6d626bb47d6382d7e291603ffd3741f00abb646
SHA256a475b5d2323920eaf2c223940e62e7e29181cacbc2659947175da2482c11b241
SHA5122e85aba30da2a891381b587cab3332c49512a4eb703f1d8c5256a6ed1e1fc3d43add7e7d0c17112759378b46624b67b6dfc7bcd71756f3c815d8d8642e28f9ad