Analysis
-
max time kernel
0s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
-
submitted
22-12-2023 00:44
General
-
Target
һԶȨű_İ/exp/15.sh
-
Size
103B
-
MD5
2b175c7bd96a1436638f3f7d8ae73b88
-
SHA1
80d2d83d82116e20266a8694670f7499b444052f
-
SHA256
d60ac9975f701aa2da61174816554e7bc10d4c2c11f93be3dec811a36b983e46
-
SHA512
fd68bbdd1ba5a7390155a21413500238572d494f563c7a4b4f623ca70eee13881eb70feb59552dc9f1382468758a5b8de93fb4d8d01aeb2f81478a4f6212d770
Score
3/10
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\һԶȨű_İ\exp\15.sh1⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\һԶȨű_İ\exp\15.sh"2⤵
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\һԶȨű_İ\exp\15.sh1⤵
- Suspicious use of WriteProcessMemory
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEventsFilesize
3KB
MD5392e7d32117278b7e68ab182d474e32e
SHA1a6bc7dffeb05903629fed2de2cc84be1db3823dc
SHA256ad7c06f9d2ca7b7654d9e9aa3d8118592544ac0c0257653c804693e18a9a5ffa
SHA5123017741342824ee7a6bcca60ec0bd0c02790598bc84e9b124cd8e27ebecfe0ff5441448caf4b5d1595ce59bd63a4482ca702f07035abd280eb64ae4be60cb892