Analysis
-
max time kernel
359s -
max time network
365s -
platform
windows7_x64 -
resource
win7-20231023-en -
resource tags
-
submitted
11/11/2023, 11:59
General
-
Target
Downloads.7z
-
Size
15KB
-
MD5
2ad8ea6a0cebcffa65a25dc0fc82dd0c
-
SHA1
2af38bb6b32f01db4814ef634386b01b8268b581
-
SHA256
c3e19add215ebe3a323b3d15f54ac0e77514c1e474545bf033b98ae1eb1e5495
-
SHA512
15cd1e23a5b3dbf881bb03775d2a63f2e16c3234b22191de2d7a9e5da894f31afb0fe91c29895ef8404a2d72fd2ab7112a47e607c1f175f6f2c79395c5a91772
-
SSDEEP
384:9lq3Qfxd9/IYr15mKLpgCR646MZLhHntHq3FzwVMAzJ/:uM9dxUK9gn46Mx/Hfp/
Score
3/10
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 9 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of SetWindowsHookEx 3 IoCs
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\Downloads.7z1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Downloads.7z2⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Downloads.7z"3⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
3KB
MD5b51ed18e60e31623aa8a4d9638d081ed
SHA1c7b828c906ebe432a40dc0709c3c14a587fcb995
SHA2564ba734074b9b4dce6bd33d7aacf966f6baf31e3d234abe1d1cac8fcccc59064d
SHA51270c39a46c16cc5f458dbe3ef62a0b825feb4fecca9d1e1d198955c478c7cea06d270a1404164131972c66a4e8f718d3737a5ca77bc94849ec261f0b28e77ee2e