Analysis

  • max time kernel
    121s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted
    22/12/2023, 15:39

General

  • Target

    flashrec-1.1.2-20090909/assets/raw/writecommands.sh

  • Size

    299B

  • MD5

    0ed924c07fa3036ccfe2e53741c746c3

  • SHA1

    7dce8dad0891eead2d5e1191efafa3a1018d22dc

  • SHA256

    5650745fb4247c2597ea1ca5dca304fefd21dd9e705d67901d68dc51ad608b4b

  • SHA512

    a86c9ba320a8570d3335cfd46135867da89b1df490722dbdcaa89b0f9c037a58b95dd17f883f77d913a7efb52e639ebb705fc6314255d0a2cf0b3e54fd2e749c

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\flashrec-1.1.2-20090909\assets\raw\writecommands.sh
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1428
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\flashrec-1.1.2-20090909\assets\raw\writecommands.sh
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2280
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\flashrec-1.1.2-20090909\assets\raw\writecommands.sh"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2704

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

          Filesize

          3KB

          MD5

          f56810479ae1cb7dbe621be38f94390c

          SHA1

          a8ff09ae1045d6eb2c5650d59efe44a69e4554b8

          SHA256

          8cf8a0c88d4650c30870843103e8c61346b635ec67d582f66dfa124ca97ae59d

          SHA512

          e7ad984ff4b397c87e5695da9aba3dc41b73a3e5640f22aab54423b353ae44d04c79d8456edcb009b3a754e15aea1da7e24108ac7beeaf799affc55ef78ad7f1