Analysis

  • max time kernel
    222s
  • max time network
    149s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags
    arch:x64, arch:x86, image:win7-20230831-en, locale:en-us, os:windows7-x64, system
  • submitted
    13-10-2023 09:30

General

  • Target

    courses/P_B_P_115.22_06.09.2023.ecp

  • Size

    30.7MB

  • MD5

    baf0765aec4d1aab858d3b839cffa18a

  • SHA1

    f89a25fb9e1ae89296d68c588a7b287c5c944d46

  • SHA256

    12a6bec44a3b049edcb3c45cf6ed0b1eacd4f322c5e4eb417f6c9eb680874a3c

  • SHA512

    cba9c9a689a001570ae19bb07fe33d054400c62a47aabf412948b417ba0e09c8d8f9f6a38448622718e6ee1c5868d7a2877f4ec0d164b2326002f591291c4950

  • SSDEEP

    786432:QjiTmtLINJuxNJo01PNJTFB1NJnYk1NJLNJB25NJ9EgVNJWMWNJ1wBVVCNJd:QmTmtLINAxNz1PNvB1NBTNxNH25NIKNy

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\courses\P_B_P_115.22_06.09.2023.ecp
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2896
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\courses\P_B_P_115.22_06.09.2023.ecp
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2376
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\courses\P_B_P_115.22_06.09.2023.ecp"
        3⤵
        • Suspicious use of SetWindowsHookEx
        PID:2928

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

    Filesize

    3KB

    MD5

    3c68963e7e8fc58b43c5bee0cb1df0d7

    SHA1

    8b150692af9e7de70ac97cd9de333f9478504a6a

    SHA256

    b8c42c7cfb6dc0d74629cb1c0a421f8f15991f09d69105af42a277e7b260c645

    SHA512

    8d02a66c71928f9ac4d774b1489e7a74e8212d3c5232b4c299282d981ca25fbd7b6b1e3b7458f8eae8908bb211ff7add8d8b0199b426c05dc2f456874b9387b5