Analysis
-
max time kernel
150s -
max time network
128s -
platform
windows7_x64 -
resource
win7-20231020-en -
resource tags
-
submitted
01/11/2023, 18:28
General
-
Target
dino.bin
-
Size
476KB
-
MD5
ab2e178c77f6df518024a71d05e98451
-
SHA1
6863f15cd00af38d8693889dc10170107d75c8b6
-
SHA256
427ece485005f1bd517b8f0c6c38a8f73bf32350795b83fb8cf937c86f99dfc8
-
SHA512
9c301f14311d403948c24c545e9146e8e1a3cff5b3fe5f093e5cf4ddae3ff05a0fccb82ea536cde9819a6b514c39561f76844ed545439a1d78c0fc206435bbbe
-
SSDEEP
6144:ZrrbWMPhyMz2+qcE0glzW2o6JQZGrt7qI3AmvXAAMXquPQcEY/0H:Br1pyU2+qcEJoOQm+8HMXquPNEEO
Score
3/10
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 9 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of SetWindowsHookEx 3 IoCs
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\dino.bin1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\dino.bin2⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\dino.bin"3⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
3KB
MD5831f927cc9c5af1153a376be8b307284
SHA1abc1778a779e86136f98588f729f0f3412af9477
SHA256f50f3e7e7f2fd237ff77bbcfcd9767822b69bc6fa68c9abe8b023c2a0fcb3801
SHA5124b5301180b8ba22dc32b5a2a55c21607f131f1967068321bb3ab5c9ad7cf643fbf85ff0c351d091761f9468a93db8c0ee69b7be63d8fa222d5b7e92c65fbb76a