Overview

overview

3

Static

static

1

Microsoft....we.zip

windows7-x64

1

Microsoft....we.zip

windows10-2004-x64

1

AppxBlockMap.xml

windows7-x64

1

AppxBlockMap.xml

windows10-2004-x64

1

AppxMetada...st.xml

windows7-x64

1

AppxMetada...st.xml

windows10-2004-x64

1

AppxSignature.p7x

windows7-x64

3

AppxSignature.p7x

windows10-2004-x64

3

Microsoft....4.appx

windows7-x64

Microsoft....4.appx

windows10-2004-x64

Microsoft....4.appx

windows7-x64

Microsoft....4.appx

windows10-2004-x64

1

Microsoft....6.appx

windows7-x64

Microsoft....6.appx

windows10-2004-x64

1

[Content_Types].xml

windows7-x64

1

[Content_Types].xml

windows10-2004-x64

1

Resubmissions

25-10-2023 13:58

231025-q979cshd42 1

25-10-2023 13:54

231025-q72c2ahc87 3

25-10-2023 13:53

231025-q6ywhshc46 1

Analysis

  • max time kernel
    165s
  • max time network
    49s
  • platform
    windows7_x64
  • resource
    win7-20231020-en
  • resource tags

    arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
  • submitted
    25-10-2023 13:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    AppxSignature.p7x

  • Size

    11KB

  • MD5

    cb484fe3c01bbd81ebeaab24069fc76e

  • SHA1

    767cf0e85397e4135d5836b761c45c9f6a79198f

  • SHA256

    46ca4a476964ca72ead360746ab8afeb84366c11bad0a78fb2e9d8b12dd3cf24

  • SHA512

    0dd1df6d5276f675187c7800ce8ff81c1284e65d2ea882925933804b84447c7a854085bbae25e7a88ac5a0afad5c2ca88f68f97d06f2d0f9eb225267790c24e9

  • SSDEEP

    192:Azz7gpecbZziJFg9hHTz+nE3zdwTh+kSobX01k9z3ArRhbscD:Anmzi3g9hHH+EiK+R9zILscD

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\AppxSignature.p7x
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2976
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\AppxSignature.p7x
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2640
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\AppxSignature.p7x"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2892

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
    Filesize

    3KB

    MD5

    7867362c00dc52a0950b99a5295f8711

    SHA1

    b68a9073e37353e1f3d79942a79c955033270e23

    SHA256

    f7cd84eed717102a24dda8bcce6b7142b3c879b08d05db0854abd176c033a945

    SHA512

    feb19499cbbf35c4e947a09799b30cfa4c7af02be6a5ac00d371efa9b6b2c6211842a10188f7d8e42b5b8e1fb1100fa032d57c381659e996ce593dd4ad6b680f

    Download Submit