Overview

overview

3

Static

static

1

Purchase O...f.zpaq

windows7-x64

3

Purchase O...f.zpaq

windows10-2004-x64

3

Purchase O...f.zpaq

ubuntu-18.04-amd64

Purchase O...f.zpaq

debian-9-armhf

Purchase O...f.zpaq

debian-9-mips

Purchase O...f.zpaq

debian-9-mipsel

Analysis

  • max time kernel
    141s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231023-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
  • submitted
    02/11/2023, 11:05

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    Purchase Order pdf.zpaq

  • Size

    562KB

  • MD5

    168af18a26b7ebcde83576356b6cd69e

  • SHA1

    5cc123c8355d1b67d49b5c01871f361d0ede3f5d

  • SHA256

    4eb6821f1dda5f2f1740e7cb3dd266f2b3be67cf62e4957a577a6a5a0172e1db

  • SHA512

    80d7b3ecd9e306e060a59b9b238c94ec018b0b4913d5892a5b1b6fbc558520d668f79062ddbfc118e8446f61b5f04962287f77e9673eb7d4f789e70659b8d411

  • SSDEEP

    12288:kgTnvU2NIknIAjBfDAqNpGSzOP5LMXpa+iN5OMWMSxHE/hPzl:RHvndBh3uc45OnMdzl

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\Purchase Order pdf.zpaq"
    1⤵
    • Modifies registry class
    PID:1804
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:1696

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads