Overview

overview

3

Static

static

1

s/go.sh

windows7-x64

3

s/go.sh

windows10-2004-x64

3

s/ps

ubuntu-18.04-amd64

s/scan

ubuntu-18.04-amd64

1

s/scan

debian-9-armhf

1

s/scan

debian-9-mips

1

s/scan

debian-9-mipsel

1

s/ss

ubuntu-18.04-amd64

1

s/ssh-scan

ubuntu-18.04-amd64

1

Analysis

  • max time kernel
    117s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    22-12-2023 03:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    s/go.sh

  • Size

    125B

  • MD5

    f8dab7c30afe989a3324752b9703449d

  • SHA1

    487bc217f6f2415431a9134612aa0f4b14a8afa9

  • SHA256

    be8424f3c8f6b8cdeb743d00a4891925704e9066f682efa26e22c860200cfc2b

  • SHA512

    d384ac879447df1d94888c292ae670f4c03e5eb907d9c3bfa436acd7727ab625d45c506d525c57bcee73c0e7de368c70a88216406cc7e95a75d7de2ffe28d780

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\s\go.sh
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3000
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\s\go.sh
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2400
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\s\go.sh"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2816

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
    Filesize

    3KB

    MD5

    54b018435b0eb326f236e3eb1310a796

    SHA1

    df7411fe7fa1623ea3ace9407ab5f9f8c4634343

    SHA256

    a441c9589d103a9480f92ef0947f92536bc7d99d301f72ced9f08d13133a8b47

    SHA512

    40f6ca799c9dc999f2a7fea436743d62da65ab80e54e7bdc57af6f92d7a7b35c02b647a11199fcf6694edaea2c9fe507694eebf184bd0a8df6a35cf4fdc21c79

    Download Submit