Overview

overview

7

Static

static

7

yuzu-20231...0b.apk

android-11-x64

7

baseline.prof

windows7-x64

3

baseline.prof

windows10-2004-x64

3

baseline.profm

windows7-x64

3

baseline.profm

windows10-2004-x64

3

Analysis

  • max time kernel
    150s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20231020-en
  • resource tags

    arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
  • submitted
    21-10-2023 08:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    baseline.prof

  • Size

    3KB

  • MD5

    f3628eb1abcdd938078d97922e53dca5

  • SHA1

    8fd71a68f2acedf34468a82f18384657d0f9089b

  • SHA256

    ff2d733a3fe3ffb8f837baafc7fadf3352abc8dc841b496287d86627bb3e432c

  • SHA512

    215cb6c3df2de38badefd100333698c9f6bb6f24b841e6f9c8439c270fc4cc118a3958c166cefc992cb5ad154dc11c88d80da23c5236f0f03f740f9281550861

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\baseline.prof
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2488
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\baseline.prof
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2004
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\baseline.prof"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:3004

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
    Filesize

    3KB

    MD5

    ecee00f6c595c9ed9b4d980c2c3f3121

    SHA1

    3f4c07417b34b79d81e868c13725fae0258420a9

    SHA256

    b327fe280dd25d8e2c34cd831ebb15604a55859da9a29051a36d4b9a3835210b

    SHA512

    2e6b4d6a0fb162198abe10ce916c14a7ce8efa265c6de2e35eb9abb65a8e80351039a1e9b1065779a9e93fa26b1cee7afd747fd51ba48a2e523f15eeb0dde550

    Download Submit