e53650b7abd6c36cf8414b767820d55592d234b3f84a79ec277f5a440e7e135e

Analysis

max time kernel
133s
max time network
125s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
23/10/2023, 07:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7f83017723b51b930e659e1b07de308987a3753060786ebecdb369f423ce8bf8.iso
Size

2.9MB
MD5

4b030b936b25c785cdddd5857b717ffc
SHA1

fc664c6bfa1f214c054fe7f18c5fdd2ada735b69
SHA256

7f83017723b51b930e659e1b07de308987a3753060786ebecdb369f423ce8bf8
SHA512

e0a97d029a47ef71d3e95e1e89fb3b2d60b4bff345be1c74a82b9eb7bc5366d5b4c48b34270edba13f05b135f0dc97e87c46137f3c1176127f3aa4ee5781f4ba
SSDEEP

49152:2GVNIQMbrMpdTGfnviq9zxrHfHnvo2ZjXIZAjuJj:2G994Z9zNV

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: CmdExeWriteProcessMemorySpam 1 IoCs

pid	Process
1288	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1288	AcroRd32.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeRestorePrivilege	2568	7zFM.exe
Token: 35	2568	7zFM.exe
Token: SeSecurityPrivilege	2568	7zFM.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
2568	7zFM.exe
2568	7zFM.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
1288	AcroRd32.exe
1288	AcroRd32.exe
1288	AcroRd32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2016 wrote to memory of 2808	2016	cmd.exe	29
PID 2016 wrote to memory of 2808	2016	cmd.exe	29
PID 2016 wrote to memory of 2808	2016	cmd.exe	29
PID 1560 wrote to memory of 1288	1560	cmd.exe	37
PID 1560 wrote to memory of 1288	1560	cmd.exe	37
PID 1560 wrote to memory of 1288	1560	cmd.exe	37
PID 1560 wrote to memory of 1288	1560	cmd.exe	37

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\7f83017723b51b930e659e1b07de308987a3753060786ebecdb369f423ce8bf8.iso
1⤵
- Suspicious use of WriteProcessMemory
PID:2016
- C:\Windows\System32\isoburn.exe
  "C:\Windows\System32\isoburn.exe" "C:\Users\Admin\AppData\Local\Temp\7f83017723b51b930e659e1b07de308987a3753060786ebecdb369f423ce8bf8.iso"
  2⤵
  PID:2808

C:\Windows\system32\verclsid.exe
"C:\Windows\system32\verclsid.exe" /S /C {0B2C9183-C9FA-4C53-AE21-C900B0C39965} /I {0C733A8A-2A1C-11CE-ADE5-00AA0044773D} /X 0x401
1⤵
PID:2576

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\7f83017723b51b930e659e1b07de308987a3753060786ebecdb369f423ce8bf8.iso"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:2568

C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c start "" "AdobeEmbed\Formal-Complaint-8831-REDACTED-October-19-2023.pdf"&&set "WINDIR=%cd%\AdobeEmbed\"&&c:\windows\system32\licensingdiag.exe
1⤵
- Suspicious use of WriteProcessMemory
PID:1560
- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
  "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\Desktop\AdobeEmbed\Formal-Complaint-8831-REDACTED-October-19-2023.pdf"
  2⤵
  - Suspicious behavior: CmdExeWriteProcessMemorySpam
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:1288

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
c2d8516981e51c20e619b1afe4b27906

SHA1
896d48aad78aa3181fd22af5486a66b0611c4332

SHA256
a24c1e8f3c311b0327aee009f761963fca006e9ada7ef7ed134a2c314629d3be

SHA512
633c03fe55d4bf50a671238dc50483de63431cc6c61913ca61f33bcfa3cfb58a95c583153d6ebdc4ce1edefd82fea581bc2c5f07bf4755f1e48c45b2363b3b28

Download Submit
C:\Users\Admin\Desktop\AdobeEmbed\Formal-Complaint-8831-REDACTED-October-19-2023.pdf

Filesize
86KB

MD5
3c5f145278b4d02c27b07606d8e7e1b1

SHA1
fbef9b680038d920a7025349194b0e42c8e00838

SHA256
54955497b2720bf2fe5f4057941773ea3e46fcb369b522e53d27ca784716f14a

SHA512
f9181b968f4f65a5ce4519ca8a9fc58af74856e873c0a3441aeb68daed28b5efb194202e670b648b7d09db1b6719b684260ddf43b1e403d6d683c987659b78ae

Download Submit
memory/2808-24-0x0000000000500000-0x0000000000501000-memory.dmp

Filesize
4KB

Download