Analysis

  • max time kernel
    205s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64, arch:x86, image:win7-20230831-en, locale:en-us, os:windows7-x64, system
  • submitted
    12-10-2023 22:00

General

  • Target
    mask_vertex.sh
  • Size
    274B
  • MD5
    106fc3540ca688b3f2f0a0018f321a64
  • SHA1
    01f09b8eb07536696c8301924310aefa14d69395
  • SHA256
    d087f2f4bc4840c8067bee22b11788d00d3c0d6f3099244cebe3105aa1503261
  • SHA512
    e79c16f9bd30ca47c792829f523925dd5f9e784be9a64460e0a5e2d67fda45a467702745984c6ede5d73320fc9932086c948dcd45af8952ad8f89dc94375bb9e

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\mask_vertex.sh
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3036
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\mask_vertex.sh
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2504
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\mask_vertex.sh"
        3⤵
        • Suspicious use of SetWindowsHookEx
        PID:2664

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
    Filesize
    3KB
    MD5
    4451829117a2de35cc94bdcb9e6b79c4
    SHA1
    1015db2eab627a5e9de34709e21e393b88d886fa
    SHA256
    7fed8b7f0c8825a4839b95404f07679b35dfe67d7395c40b4d2bded2044bc11b
    SHA512
    940ab3c6ebc3b3c826dc6a138d5c07d5fbcad1958de0d25d591d3b81e20d6402ff9594c2709c2e099effb6983fb8d16c20f54d92ffdb427598144e5937181bcf