Analysis

  • max time kernel
    117s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    24-12-2023 17:45

General

  • Target

    09334503fb1e4944968148819d71d896.jad

  • Size

    68KB

  • MD5

    09334503fb1e4944968148819d71d896

  • SHA1

    420ba871fe752d744be37f03ee580231e941ed50

  • SHA256

    48d93ccf15d4c1716bef3d50e9c29bc51a7f9527c53b74cd5b89b366f30e35e0

  • SHA512

    a9a2d2ae7c8b9cfb036635583dfb86af4169f249e5a820c3c665178f2ff3a8d8bc2e97b1af308c76cf38742721980669468da77cf11edfb502c1a82e1ba50454

  • SSDEEP

    1536:EjUcFC+MEcJwy7GtW2insgvrGoZNGtW2insgvrGoZ4:EjUcton7ZsArG8ZsArGL

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\09334503fb1e4944968148819d71d896.jad
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2724
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\09334503fb1e4944968148819d71d896.jad
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:3056
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\09334503fb1e4944968148819d71d896.jad"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2652

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

    Filesize

    3KB

    MD5

    4dd0478d3e8a432e3f9d89fa895c4f8a

    SHA1

    07c5f8c838ad4e4b3746afcb0d9ac182f58d919d

    SHA256

    0e9c3bd3e0417661732211b1b9ebadc5a95e34e9dc44126e2f5dc5072e081096

    SHA512

    c78b11740610cefe150fca6feeca0191df9923c0583c20c5eee20a87370c112541cc8dec950f1142e18d205cb11bf8b1f196c604b702d29a61aa7003987d967a