Overview

overview

10

Static

static

10

Lethal Company.rar

windows7-x64

6

Lethal Company.rar

windows10-2004-x64

3

Analysis

  • max time kernel
    18s
  • max time network
    36s
  • platform
    windows7_x64
  • resource
    win7-20231023-en
  • resource tags

    arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
  • submitted
    02-12-2023 22:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Lethal Company.rar

  • Size

    52.1MB

  • MD5

    44cdf025b72cf63a28eff7d2252a5ea9

  • SHA1

    7f1d14ac8be5dd35a3d9f842f953e383c464f625

  • SHA256

    8cc7296a4559e5055a9f90e879592428f156766ae69c97c8fb813716c3868294

  • SHA512

    50fc3f8c798b286787c0afba8a715752d991fefcac9afb58c58b301f1e52578c63f11d324aa7a5dfff3a189a8cb8ee2ae7aaf29e77c95e93118e04ca04918b9c

  • SSDEEP

    786432:Ptbfo/7OicUbONHiZzu74nfLofKnky9NyRmGYKLkGqFU06OPcfST0tPRvzJWAJCU:FbQgUbMMfVnkrj1LkGydvvYtP1YA/

Score
6/10

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\Lethal Company.rar"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2816
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Lethal Company.rar
      2⤵
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2964
      • C:\Program Files\7-Zip\7zFM.exe
        "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Lethal Company.rar"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        PID:2676
        • C:\Users\Admin\AppData\Local\Temp\7zO47A511F6\loader.exe
          "C:\Users\Admin\AppData\Local\Temp\7zO47A511F6\loader.exe"
          4⤵
            PID:1196
            • C:\Windows\SysWOW64\WerFault.exe
              C:\Windows\SysWOW64\WerFault.exe -u -p 1196 -s 1952
              5⤵
              • Program crash
              PID:2620

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\7zO47A511F6\loader.exe
      Filesize

      13.2MB

      MD5

      58c232802aa3b876476bf6b99ae44e63

      SHA1

      50ac427e4bf9d88dcbaa5739b8daa22c1386cc2b

      SHA256

      99a8e80e6b393601838c56cf954e38f4b020fb459ea3d258dc6f8da8f4e52322

      SHA512

      6850301b37816663389590003a54a1f6bf997bd32238096b9f4920bb240deaef0851a6fd2ecce0e7b8b21208de76c3576d348cde3e1ff2c3173ce955c5f6ed7a

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\7zO47A511F6\loader.exe
      Filesize

      12.8MB

      MD5

      6f984b544c519ce5ee953b131d2a026c

      SHA1

      ef08f68fc9fd4e06a590bf93d67b234778cc31bb

      SHA256

      ead1368ed46c0361dc9ae4ea693758cc55b2fd5ca11974ecdabc0aba1f2556f4

      SHA512

      c3f5353c8ffee27041d3f5c5dce663d9454ce7faf4a4d5283234b6269137e5f94182a62da1c57a6099779124fcc1f615668a4d9f73549640b21b9598a6b1890f

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\7zO47A511F6\loader.exe
      Filesize

      11.8MB

      MD5

      7ab7d4296d5f17d8063f3e5f0acad120

      SHA1

      fd01e5770c1db5effab3e6945e6b4b9cb8007f23

      SHA256

      c9f00bc761adb38cb9faa98251a462091027a3b928ec6e3fe49a6d3149db5e1f

      SHA512

      f582ce9621ca5e14416cb74d34dcfc949fe16ae1ebfdf263ecabcec4d57e18d7e40a8db81b36198b8a91074457e73afae97d4db70c8c0e2493db1db79820e8d7

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\TarFE53.tmp
      Filesize

      171KB

      MD5

      9c0c641c06238516f27941aa1166d427

      SHA1

      64cd549fb8cf014fcd9312aa7a5b023847b6c977

      SHA256

      4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

      SHA512

      936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

      Download Submit

    • \Users\Admin\AppData\Local\Temp\7zO47A511F6\loader.exe
      Filesize

      6.6MB

      MD5

      9a12d6931726cc0f5c70c8d89b76a064

      SHA1

      1447997d0b4d036459772065f70015a8f6485996

      SHA256

      f33b881e6fc968a26d3024f24f1f7b106d4db0763a94f8a3bbb52689a7ec5de0

      SHA512

      79ed4a7564744bd462c98918119fb45db0c897e665b81c1f9ce5ffc1c883ea0358ff4687f0cf0bae30e95d0d471c5fd43565183f9a4e0655c4c46613ff5d7063

      Download Submit

    • \Users\Admin\AppData\Local\Temp\7zO47A511F6\loader.exe
      Filesize

      6.9MB

      MD5

      0cb0b81b023184b4eeeee1adf602726f

      SHA1

      ebde93729b2dcfd7513490af442a7d59dd96570f

      SHA256

      f516b7bd3c0f04feb0b04e4774ec1c4f619853c6b809aa25c426aa03b2495768

      SHA512

      a3f8770cb9bb35e1de1dcf5757e83a79ef212ba945fcb82a03e38b1bca199ec183dadd818e4f7d3456acfd8e2879e31674bfcf2e3c85a33b5992ada0c7aece4f

      Download Submit

    • \Users\Admin\AppData\Local\Temp\7zO47A511F6\loader.exe
      Filesize

      5.8MB

      MD5

      6f27ced91c202cd3425c20cbac3b3f63

      SHA1

      5e918e80d3664327fa2a57c281598b7203669641

      SHA256

      7d24a44560ae0aa6bd99991f7de6893a8f6ad7766fc94ee869db8ee16ec8da8e

      SHA512

      d4558a20e16422634c13977d0a40c1099eee034858bd46d10266fe0251489ca86e7a21eb8c99839d751ff00174b18b3ad2d6e4c39ae66a1c4dabcf1d3e3c028e

      Download Submit

    • \Users\Admin\AppData\Local\Temp\7zO47A511F6\loader.exe
      Filesize

      5.9MB

      MD5

      f2239771266f6dc414b2d09cab9782ac

      SHA1

      a1a2cdeacec17086ebf21ee57e9c2ada0e1e2f63

      SHA256

      9019374cba9a33d0399f5f8e482bcb21df411bf46ebc1a03ead2cebdf76f77bb

      SHA512

      cfac62d5810194d887957e1f84e7feb7b1df680382452d899fb31a82185adb3fcd78b7f623eef2124eceabee83f270557f385a91a34434c85e4ad66377f62c63

      Download Submit

    • \Users\Admin\AppData\Local\Temp\7zO47A511F6\loader.exe
      Filesize

      5.0MB

      MD5

      d94ae762c96998966c750a2ae8f246e5

      SHA1

      ade1e8e0deeff004c7178dcc7571f58d92743242

      SHA256

      15dda553dceb411d861800480578f47af1735b996e61e0bb847d75bb726b8e9d

      SHA512

      b7cd7d4fdefb8e2d77eff6e1d69668cca976550967ecf30d0ddeeab96a784855164f1ebe1639ffb5929311d77dda665b9c1f60f87d2c5592d2962e7ae7aa1c9c

      Download Submit

    • memory/1196-74-0x0000000000D70000-0x0000000000D82000-memory.dmp

      Filesize

      72KB

      Download

    • memory/1196-89-0x00000000064F0000-0x00000000065F2000-memory.dmp

      Filesize

      1.0MB

      Download

    • memory/1196-55-0x0000000006320000-0x00000000063D4000-memory.dmp

      Filesize

      720KB

      Download

    • memory/1196-54-0x0000000000C90000-0x0000000000CA1000-memory.dmp

      Filesize

      68KB

      Download

    • memory/1196-59-0x0000000000C40000-0x0000000000C4C000-memory.dmp

      Filesize

      48KB

      Download

    • memory/1196-66-0x0000000000D30000-0x0000000000D4F000-memory.dmp

      Filesize

      124KB

      Download

    • memory/1196-67-0x0000000000D50000-0x0000000000D65000-memory.dmp

      Filesize

      84KB

      Download

    • memory/1196-63-0x0000000000D30000-0x0000000000D4F000-memory.dmp

      Filesize

      124KB

      Download

    • memory/1196-70-0x0000000000D50000-0x0000000000D65000-memory.dmp

      Filesize

      84KB

      Download

    • memory/1196-62-0x0000000000C40000-0x0000000000C4C000-memory.dmp

      Filesize

      48KB

      Download

    • memory/1196-58-0x0000000006320000-0x00000000063D4000-memory.dmp

      Filesize

      720KB

      Download

    • memory/1196-71-0x0000000000D70000-0x0000000000D82000-memory.dmp

      Filesize

      72KB

      Download

    • memory/1196-296-0x0000000001220000-0x0000000001A6C000-memory.dmp

      Filesize

      8.3MB

      Download

    • memory/1196-82-0x0000000000FB0000-0x0000000000FEA000-memory.dmp

      Filesize

      232KB

      Download

    • memory/1196-85-0x0000000000FB0000-0x0000000000FEA000-memory.dmp

      Filesize

      232KB

      Download

    • memory/1196-86-0x00000000064F0000-0x00000000065F2000-memory.dmp

      Filesize

      1.0MB

      Download

    • memory/1196-90-0x0000000007630000-0x00000000078B9000-memory.dmp

      Filesize

      2.5MB

      Download

    • memory/1196-50-0x0000000007FA0000-0x0000000008B89000-memory.dmp

      Filesize

      11.9MB

      Download

    • memory/1196-93-0x0000000007630000-0x00000000078B9000-memory.dmp

      Filesize

      2.5MB

      Download

    • memory/1196-94-0x0000000007B70000-0x0000000007E0C000-memory.dmp

      Filesize

      2.6MB

      Download

    • memory/1196-81-0x0000000000DD0000-0x0000000000DED000-memory.dmp

      Filesize

      116KB

      Download

    • memory/1196-78-0x0000000000DD0000-0x0000000000DED000-memory.dmp

      Filesize

      116KB

      Download

    • memory/1196-101-0x0000000006130000-0x000000000617D000-memory.dmp

      Filesize

      308KB

      Download

    • memory/1196-98-0x0000000006130000-0x000000000617D000-memory.dmp

      Filesize

      308KB

      Download

    • memory/1196-102-0x00000000073A0000-0x000000000751C000-memory.dmp

      Filesize

      1.5MB

      Download

    • memory/1196-97-0x0000000007B70000-0x0000000007E0C000-memory.dmp

      Filesize

      2.6MB

      Download

    • memory/1196-51-0x0000000000C90000-0x0000000000CA1000-memory.dmp

      Filesize

      68KB

      Download

    • memory/1196-47-0x0000000007FA0000-0x0000000008B89000-memory.dmp

      Filesize

      11.9MB

      Download

    • memory/1196-46-0x00000000071A0000-0x0000000007391000-memory.dmp

      Filesize

      1.9MB

      Download

    • memory/1196-43-0x00000000071A0000-0x0000000007391000-memory.dmp

      Filesize

      1.9MB

      Download

    • memory/1196-42-0x0000000006810000-0x0000000007198000-memory.dmp

      Filesize

      9.5MB

      Download

    • memory/1196-38-0x0000000006810000-0x0000000007198000-memory.dmp

      Filesize

      9.5MB

      Download

    • memory/1196-39-0x0000000001220000-0x0000000001A6C000-memory.dmp

      Filesize

      8.3MB

      Download

    • memory/2964-25-0x0000000003740000-0x0000000003741000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2964-24-0x0000000003760000-0x0000000003770000-memory.dmp

      Filesize

      64KB

      Download