Analysis
-
max time kernel
150s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20230831-en -
resource tags
-
submitted
18-09-2023 13:43
General
-
Target
baseline.profm
-
Size
205B
-
MD5
ed4a7b465662696bb4900080487207b3
-
SHA1
c616d6039a986fe844d177dcd67bdb703fd98676
-
SHA256
a2c93b02e8b9d2373ce7ff4a1054c7dc5a2d617a88bd07bd538f47de2d8b9f8e
-
SHA512
3df0abacd679a44374780cf7c174544359fea584186a784e6a898be1f28a3e18415c22ff0d09f973f518093ba7f0fd68c9417a5f61314f75ca87353fc9c0f7ca
Score
3/10
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 9 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of SetWindowsHookEx 3 IoCs
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\baseline.profm1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\baseline.profm2⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\baseline.profm"3⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
3KB
MD56178839bc46b76d0ba4ce4a5e21a4a7d
SHA1722eed1215e2b083ff1f91db0c286eba85c48066
SHA2560963cb157b73c7f2deeddf425e0ff67cd0d2f7121d0cdd1fe67fcfda9c786f43
SHA512e302f982832e8f24a3a8da079def819cafbbc8b93f378b43ba60bbc4933eaa5e505099b690657d7eada9d5d41f0e993eeea2399330db0de149bbbd86bd737e6c