9a76db52356b41f0234e463b8573680cd98a7869623d5520e7840b6878077c8d

Analysis

max time kernel
186s
max time network
151s
platform
windows7_x64
resource
win7-20231025-en
resource tags

arch:x64arch:x86image:win7-20231025-enlocale:en-usos:windows7-x64system
submitted
17-11-2023 21:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

TypeScript-5.2.2/tests/projects/reexport/src/tsconfig.json
Size

97B
MD5

b8d0b39a4a08aee43d757b7a50715d38
SHA1

0f6f3ab961b52059795198ee172b58d70e17736e
SHA256

2b17de831d5d180550174734e6d520ef6ad3004c6dae761a2f0633587fd3fb51
SHA512

a2dd61f77f0b7b6e73a36efbadf1500124da6d4a15a4bc49ea479ccc2a55cc867079e28b5828ec66973f213f4b796a50becf91927146212ca1405a6c8c7a44c5

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 9 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1861898231-3446828954-4278112889-1000_CLASSES\json_auto_file\	rundll32.exe
Key created	\REGISTRY\USER\S-1-5-21-1861898231-3446828954-4278112889-1000_CLASSES\.json	rundll32.exe
Key created	\REGISTRY\USER\S-1-5-21-1861898231-3446828954-4278112889-1000_CLASSES\json_auto_file\shell\Read	rundll32.exe
Key created	\REGISTRY\USER\S-1-5-21-1861898231-3446828954-4278112889-1000_CLASSES\json_auto_file\shell	rundll32.exe
Key created	\REGISTRY\USER\S-1-5-21-1861898231-3446828954-4278112889-1000_CLASSES\json_auto_file\shell\Read\command	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1861898231-3446828954-4278112889-1000_CLASSES\json_auto_file\shell\Read\command\ = "\"C:\\Program Files (x86)\\Adobe\\Reader 9.0\\Reader\\AcroRd32.exe\" \"%1\""	rundll32.exe
Key created	\REGISTRY\USER\S-1-5-21-1861898231-3446828954-4278112889-1000_Classes\Local Settings	rundll32.exe
Key created	\REGISTRY\USER\S-1-5-21-1861898231-3446828954-4278112889-1000_CLASSES\json_auto_file	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1861898231-3446828954-4278112889-1000_CLASSES\.json\ = "json_auto_file"	rundll32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2528	AcroRd32.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2528	AcroRd32.exe
2528	AcroRd32.exe
2528	AcroRd32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2652 wrote to memory of 2544	2652	cmd.exe	28
PID 2652 wrote to memory of 2544	2652	cmd.exe	28
PID 2652 wrote to memory of 2544	2652	cmd.exe	28
PID 2544 wrote to memory of 2528	2544	rundll32.exe	29
PID 2544 wrote to memory of 2528	2544	rundll32.exe	29
PID 2544 wrote to memory of 2528	2544	rundll32.exe	29
PID 2544 wrote to memory of 2528	2544	rundll32.exe	29

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TypeScript-5.2.2\tests\projects\reexport\src\tsconfig.json
1⤵
- Suspicious use of WriteProcessMemory
PID:2652
- C:\Windows\system32\rundll32.exe
  "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\TypeScript-5.2.2\tests\projects\reexport\src\tsconfig.json
  2⤵
  - Modifies registry class
  - Suspicious use of WriteProcessMemory
  PID:2544
- - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
    "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\TypeScript-5.2.2\tests\projects\reexport\src\tsconfig.json"
    3⤵
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of SetWindowsHookEx
    PID:2528

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
2487975348c53005299f0cbba2e8f70f

SHA1
40f57d008b858d55e1778e8340607013cfa4ba7c

SHA256
f2bd162040fe2db453af6dbc8ad3c42d0177f777a10b68b06326e6c7354e7b6b

SHA512
11a5cd786ded40a335cccd8249fc3b36f64a9328e39f851069356691483dd4dc57eef4c54417d464715e0daa0c34244ba5ab9ec9a6f2e75a3d4db9a972f5e50b

Download Submit