334dfd6a7a445f9f9276101e434202f4a044e1f5bbd2bf72a2b8ba7164cfe138

Resubmissions

06-12-2023 22:51

231206-2ssccshfe2 10

06-12-2023 22:49

231206-2rqgdahfd3 3

Analysis

max time kernel
64s
max time network
66s
platform
windows10-2004_x64
resource
win10v2004-20231130-en
resource tags

arch:x64arch:x86image:win10v2004-20231130-enlocale:en-usos:windows10-2004-x64system
submitted
06-12-2023 22:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

!@#Setup-Pa$$W0rd-2024/@#Setup-Pa$$W0rd-2024.rar
Size

18.5MB
MD5

0aeb13bb3dd0d2761e3966625faac892
SHA1

a12b4adbb104ca945d248697753b4acbf054f157
SHA256

0a52968fe93ad0cfde0d408dbc7e0a77c54ab01fbcc280dd4a1b3b3897c79fce
SHA512

20de52f3c358735ffedcd068a1ea07d8bc66705e524362bd6c1dd1e81636b7f664b7e9d23239441d98dfcff8cbd48a2a6b0ff3bd0c5cede95acdcefdc407a34e
SSDEEP

393216:ZvYV/q2OHdyVYb7VlVEH+odXdun4eSznP/TTzI+B8TaTw2bcuphXe:BYV6QVYbvVwNdun4Db38+B8eTwoz/O

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 2 IoCs

Processes:

OpenWith.execmd.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3936660601-1848837011-2142350499-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3936660601-1848837011-2142350499-1000_Classes\Local Settings	cmd.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

OpenWith.exe

pid process

3540 OpenWith.exe

Suspicious use of SetWindowsHookEx 55 IoCs

Processes:

OpenWith.exe

pid	process
3540	OpenWith.exe
3540	OpenWith.exe
3540	OpenWith.exe
3540	OpenWith.exe
3540	OpenWith.exe
3540	OpenWith.exe
3540	OpenWith.exe
3540	OpenWith.exe
3540	OpenWith.exe
3540	OpenWith.exe
3540	OpenWith.exe
3540	OpenWith.exe
3540	OpenWith.exe
3540	OpenWith.exe
3540	OpenWith.exe
3540	OpenWith.exe
3540	OpenWith.exe
3540	OpenWith.exe
3540	OpenWith.exe
3540	OpenWith.exe
3540	OpenWith.exe
3540	OpenWith.exe
3540	OpenWith.exe
3540	OpenWith.exe
3540	OpenWith.exe
3540	OpenWith.exe
3540	OpenWith.exe
3540	OpenWith.exe
3540	OpenWith.exe
3540	OpenWith.exe
3540	OpenWith.exe
3540	OpenWith.exe
3540	OpenWith.exe
3540	OpenWith.exe
3540	OpenWith.exe
3540	OpenWith.exe
3540	OpenWith.exe
3540	OpenWith.exe
3540	OpenWith.exe
3540	OpenWith.exe
3540	OpenWith.exe
3540	OpenWith.exe
3540	OpenWith.exe
3540	OpenWith.exe
3540	OpenWith.exe
3540	OpenWith.exe
3540	OpenWith.exe
3540	OpenWith.exe
3540	OpenWith.exe
3540	OpenWith.exe
3540	OpenWith.exe
3540	OpenWith.exe
3540	OpenWith.exe
3540	OpenWith.exe
3540	OpenWith.exe

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\!@#Setup-Pa$$W0rd-2024\@#Setup-Pa$$W0rd-2024.rar
1⤵
- Modifies registry class
PID:3560

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:3540

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4356

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads