Overview

overview

10

Static

static

10

winprofile

windows7-x64

3

winprofile

windows10-1703-x64

3

Analysis

  • max time kernel
    301s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20231020-en
  • resource tags

    arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
  • submitted
    01-11-2023 04:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    df0b5dec580dacc7a825114817e91bfc77378f553caf38920d73f17c0b05de59.apk

  • Size

    986KB

  • MD5

    f781050ed3b5e54fb70798e8f45b45f1

  • SHA1

    1420adb2722bee5ffd8451a255d456c2f3939d4d

  • SHA256

    df0b5dec580dacc7a825114817e91bfc77378f553caf38920d73f17c0b05de59

  • SHA512

    19f09a1b003043458ecbe5f247f7ef9113e11744e6fbcf6b41d10c16b25c8b14c890d1fd6719bd47151f1d02ce04b20fdb54c5968180fb06dc33f10182a02506

  • SSDEEP

    24576:v1X2ldFd0cbu8sVCz6QXEZw2mgaD7wvtuLoccgSeUYI:NAFdDqVCWQXEZw2mgi8NccgSJ

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\df0b5dec580dacc7a825114817e91bfc77378f553caf38920d73f17c0b05de59.apk
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1168
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\df0b5dec580dacc7a825114817e91bfc77378f553caf38920d73f17c0b05de59.apk
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2780
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\df0b5dec580dacc7a825114817e91bfc77378f553caf38920d73f17c0b05de59.apk"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2676

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
    Filesize

    3KB

    MD5

    5924d91570660801cd334071631cd95c

    SHA1

    e666625a566304c3ddfb41db977e721f08b72c02

    SHA256

    4c3553850efbb4c46f18b5eeccfc9d7b60ee967f084a0fef8aa8bfa4b96ed0ca

    SHA512

    864e3748dee51cbeaeeb9c215798bf969df66f582fdc0d66d276fe979f396afb67a4214f680f5b0dfeae46557911f3be3d179113d05d801d652a22441b24b5f9

    Download Submit