Analysis
-
max time kernel
150s -
max time network
126s -
platform
windows7_x64 -
resource
win7-20230831-en -
resource tags
-
submitted
17/09/2023, 21:03
General
-
Target
caido-linux-v0.28.0-d48be7ca.tar.gz
-
Size
28.1MB
-
MD5
4bdac5db79bc36a666c1527d3474bd7f
-
SHA1
bf6b476ca9b692bcd1764a1fc00e8cd61180003e
-
SHA256
d48be7caace50f53b8f826f907f60783e00631c54ed6667855dc598b011c4106
-
SHA512
ece133527192286c199e9ebe27367f5189a1b818a9594e8cc7a28d870d6327b619c508768c7f3ca631e3cfc6d91bdbc8d9a49686de0784cc897d6b995eebbcf2
-
SSDEEP
786432:XYDUkszBh0loSB02kndcr0DVAh6jTVFgehR9nUwi:XHr0ljBSe0DOobbhXUwi
Score
3/10
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 9 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of SetWindowsHookEx 3 IoCs
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\caido-linux-v0.28.0-d48be7ca.tar.gz1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\caido-linux-v0.28.0-d48be7ca.tar.gz2⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\caido-linux-v0.28.0-d48be7ca.tar.gz"3⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
3KB
MD58b59a2b5608503d474ae3837900b1e0a
SHA1a75114e7875ff6311862fea1b0ded91bc7415006
SHA256d3476cf511915c0b7dfe149e448bd6d9ffa4f710746b8f395546ce08c0358c5c
SHA5124fedb188730142d03f5b07b138ddc2eb58a585cce6d31d282af1128e65dd0ec763c1a1f6493b96a40fd49083a5ce07a916a87e62ce85ceb8ad3d366ecca20516