Overview

overview

3

Static

static

1

Nicht best...wnload

windows7-x64

3

Nicht best...wnload

windows10-2004-x64

3

Analysis

  • max time kernel
    118s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20231130-en
  • resource tags

    arch:x64arch:x86image:win7-20231130-enlocale:en-usos:windows7-x64system
  • submitted
    12-12-2023 10:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Nicht bestätigt 635686.crdownload

  • Size

    332KB

  • MD5

    2f01e339f1facf12d0c2eaa84e1fbce4

  • SHA1

    026ca8ed7d69b2fdd43589a1c8bdf981f17bb2cb

  • SHA256

    b972b5c3f2d253aa1cbd1693b4cd2e224c14b490ea6cb6fffbab79e91ab58289

  • SHA512

    3f13f8d057739adbc3d001bdd0c1635a7fbbd1253f9d2455c182b00240a1516a7e5fc7c96bcc1db1f92a9704ad466917b0e64c20d18f7042fdc7451990734433

  • SSDEEP

    6144:TKHS1X7Tmw3LRil1dNktzY8k3a0hAV0MhG44Q+ItH9awe0SiKY7RslxJ:TKOX7TmgmwtzhkK0hAO5QptEwFH7mlxJ

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\Nicht bestätigt 635686.crdownload"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2188
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Nicht bestätigt 635686.crdownload
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2536
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Nicht bestätigt 635686.crdownload"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2676

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
    Filesize

    3KB

    MD5

    6a0ce604a611d9d50dac875f88f51c98

    SHA1

    4537e8404b444c326e6e0eedd17f9a2c7bf67a6b

    SHA256

    ae71b8472c25b521ab2ed94d10834575c505077822e5a100cfda765b19194e28

    SHA512

    164e97ac5dcd9bfa80f058b9deb2230c74d9e3e9a92b4bd0fe3d12157c22803ee5d745f19c762002aed0f9593a216b18f6b61efc4ca02e7247e7668219ee3494

    Download Submit