Overview

overview

4

Static

static

1

apk_1697589273998.apk

android-9-x86

1

apk_1697589273998.apk

android-11-x64

1

D1F6qdxW5G...YY.xls

windows7-x64

1

D1F6qdxW5G...YY.xls

windows10-2004-x64

1

DoaeSzkHj1...CX.xls

windows7-x64

1

DoaeSzkHj1...CX.xls

windows10-2004-x64

1

E.bat

windows7-x64

1

E.bat

windows10-2004-x64

1

MnFM6Eg6RA...iS.pdf

windows7-x64

1

MnFM6Eg6RA...iS.pdf

windows10-2004-x64

1

NdP63IdfX8...iz8.py

windows7-x64

3

NdP63IdfX8...iz8.py

windows10-2004-x64

3

Q.doc

windows7-x64

4

Q.doc

windows10-2004-x64

1

QrjLyBiXj1...1.docx

windows7-x64

4

QrjLyBiXj1...1.docx

windows10-2004-x64

1

R.bat

windows7-x64

1

R.bat

windows10-2004-x64

1

SiL3QjQCkz...Jr.pdf

windows7-x64

1

SiL3QjQCkz...Jr.pdf

windows10-2004-x64

1

T2Rzf6tyOo...FX.xls

windows7-x64

1

T2Rzf6tyOo...FX.xls

windows10-2004-x64

1

Z.bat

windows7-x64

1

Z.bat

windows10-2004-x64

1

base_fragment.sh

windows7-x64

3

base_fragment.sh

windows10-2004-x64

3

base_vertex.sh

windows7-x64

3

base_vertex.sh

windows10-2004-x64

3

default_fragment.sh

windows7-x64

3

default_fragment.sh

windows10-2004-x64

3

default_vertex.sh

windows7-x64

3

default_vertex.sh

windows10-2004-x64

3

Analysis

  • max time kernel
    138s
  • max time network
    145s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231023-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29-10-2023 08:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    default_fragment.sh

  • Size

    217B

  • MD5

    5a210368e764b5f368d079a884aa65d3

  • SHA1

    a72c682c7a14958a839b362f282ad2c11aa83800

  • SHA256

    2388bd12b7910eb13e63d57d32d7e7f775f7b43bd758c854a1aef3b507bc3c64

  • SHA512

    5a8203da5b6c34ce471a4218021b3d3579bd159a3b62d89ea4fa524ed171dc72d50d84a5d0ed0f098b27fe152f948bb11b2ca3c20b129fc11989571ec1d5efc4

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\default_fragment.sh
    1⤵
    • Modifies registry class
    PID:4800
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3384

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads