Analysis

  • max time kernel
    150s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags
    arch:x64 arch:x86 image:win7-20230831-en locale:en-us os:windows7-x64 system
  • submitted
    11-09-2023 22:02

General

  • Target

    base_vertex.sh

  • Size

    188B

  • MD5

    8ca61f9c38649d70235b0d9b9fd2d8e4

  • SHA1

    4c3d34710f1d951ac371f88657cab92977da8b32

  • SHA256

    87fd875bdcb0e0ef9a91a350dd536066a86b22d6b16cd1d7398639040c5619d8

  • SHA512

    f137b0df7b7511d0b73c9cc67ca1b1b76dfc333199f598c22e8e6e651f4d180daa1fcb39c3d857ef907b1052508d7e125c8a2dae9527cffcfc120b97edc78fcf

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\base_vertex.sh
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1888
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\base_vertex.sh
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2984
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\base_vertex.sh"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2732

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

    Filesize

    3KB

    MD5

    e6e6380522dd32e72bdc60c188c34a03

    SHA1

    0e011b23163ab4535902c4f870853abbc8ed183b

    SHA256

    abb3ea7b561b5f4c000849094f592e72ed6cfb6c19415a3676c482e6623a5970

    SHA512

    17195f72091bb72b6ad5f580b366952c78fe631b69b86a5a64088ef143e10e5daf42a03425288b39a329dcde003eed4964e7d1b87c66332a852a45b94d9ee5d1