Overview

overview

10

Static

static

10

a.zip

windows7-x64

1

a.zip

windows10-2004-x64

1

tf2hud-edi...r3.dll

windows10-2004-x64

1

tf2hud-edi...s.json

windows7-x64

3

tf2hud-edi...s.json

windows10-2004-x64

3

tf2hud-edi...d.json

windows7-x64

3

tf2hud-edi...d.json

windows10-2004-x64

3

tf2hud-edi...d.json

windows7-x64

3

tf2hud-edi...d.json

windows10-2004-x64

3

tf2hud-edi...d.json

windows7-x64

3

tf2hud-edi...d.json

windows10-2004-x64

3

tf2hud-edi...d.json

windows7-x64

3

tf2hud-edi...d.json

windows10-2004-x64

3

tf2hud-edi...d.json

windows7-x64

3

tf2hud-edi...d.json

windows10-2004-x64

3

tf2hud-edi...s.json

windows7-x64

3

tf2hud-edi...s.json

windows10-2004-x64

3

tf2hud-edi...d.json

windows7-x64

3

tf2hud-edi...d.json

windows10-2004-x64

3

tf2hud-edi...d.json

windows7-x64

3

tf2hud-edi...d.json

windows10-2004-x64

3

tf2hud-edi...d.json

windows7-x64

3

tf2hud-edi...d.json

windows10-2004-x64

3

tf2hud-edi...d.json

windows7-x64

3

tf2hud-edi...d.json

windows10-2004-x64

3

tf2hud-edi...d.json

windows7-x64

3

tf2hud-edi...d.json

windows10-2004-x64

3

tf2hud-edi...d.json

windows7-x64

3

tf2hud-edi...d.json

windows10-2004-x64

3

tf2hud-edi...r3.dll

windows7-x64

1

tf2hud-edi...r3.dll

windows10-2004-x64

1

tf2hud-edi...r3.dll

windows7-x64

1

Analysis

  • max time kernel
    150s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20231201-en
  • resource tags

    arch:x64arch:x86image:win7-20231201-enlocale:en-usos:windows7-x64system
  • submitted
    04-12-2023 18:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    tf2hud-editor/JSON/budhud.json

  • Size

    12KB

  • MD5

    ff01c0be0768edb045c46862d72449bf

  • SHA1

    d44c2c9a8b5b06c4b04c418752a058161a290084

  • SHA256

    d1a251660cc10e0c309f38fb753c9b0ddc5bbcd0257449e91b7405cb0ac171ab

  • SHA512

    a2e31a73b33034362f68e09d53f82adf435decb6b92c07efc0f0ea3b7b485a403742acd916eefe33efdfd257dc13469338c947610fd6258d72c9ee5133473ed2

  • SSDEEP

    192:WiJVQNEaIoYKw39P5WoD1txaZ1mqPQwjy8TJxBsFmMSEptsd3H:3ZDM

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\tf2hud-editor\JSON\budhud.json
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3008
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\tf2hud-editor\JSON\budhud.json
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2812
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\tf2hud-editor\JSON\budhud.json"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2152

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
    Filesize

    3KB

    MD5

    7ca1ee71a5c5bc7bba7ab2f0180c57f2

    SHA1

    8a3235f693e87d1a3fdd927b5a9c7d72de23635a

    SHA256

    7f9665843c9f45ed03915402632e59845b9aa3b54419434833ca69ad27878593

    SHA512

    1040085645eb671df1890ce4ed7441e7e01fa17df853ad22c7663df0da05d19c14fed05fad7c58722dc2dc06ce6afaa9021fbb7621bee3aa5d73e5a9b86153c4

    Download Submit