Overview

overview

3

Static

static

1

1b13fd63d4...1e.apk

android-9-x86

1

1b13fd63d4...1e.apk

android-10-x64

1

1b13fd63d4...1e.apk

android-11-x64

1

WebViewJav...dge.js

windows7-x64

1

WebViewJav...dge.js

windows10-2004-x64

1

base_fragment.sh

windows7-x64

3

base_fragment.sh

windows10-2004-x64

3

base_vertex.sh

windows7-x64

3

base_vertex.sh

windows10-2004-x64

3

blend_fragment.sh

windows7-x64

3

blend_fragment.sh

windows10-2004-x64

3

oes_base_fragment.sh

windows7-x64

3

oes_base_fragment.sh

windows10-2004-x64

3

oes_base_vertex.sh

windows7-x64

3

oes_base_vertex.sh

windows10-2004-x64

3

Analysis

  • max time kernel
    150s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    09/10/2023, 22:08

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    base_vertex.sh

  • Size

    197B

  • MD5

    ce6fe2a4fc91c75666b4ee6172aad173

  • SHA1

    54beda53da78568034a4190f89b6a5970ad7c6c6

  • SHA256

    5572572479adcb76e09ac4a692a9fdfa114d0dd97f0d4f7f6781b41b46f5eb24

  • SHA512

    e666a90b14589a94b16c60b6da8b263343719c82297f46954406d337e82459d2f7b5b560d8d398b90763d4ea18753c859ba65a2295c705f45f75efa9cf2388ef

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\base_vertex.sh
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2432
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\base_vertex.sh
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2800
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\base_vertex.sh"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2788

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
          Filesize

          3KB

          MD5

          78483f0f7952298441974f675c0e2fda

          SHA1

          0ef127562d99b7e4f8ed1a8090d4cb3bd81700bf

          SHA256

          98e84c246a2cbcf7a9686b8916bbd380ba7a146bca99eac78933125a53750714

          SHA512

          469b6630fb66bc22e184896141001c5ab8fadaf7618397b9efc90c8b2e0586bbcc951f749dc36d9c81c8f1b08f67cfe045353f7f62b193dda5db759fe9c472b1

          Download Submit