Analysis
-
max time kernel
120s -
max time network
125s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
-
submitted
25/12/2023, 07:36
General
-
Target
0f419239d517915b2e7210af73f89bdc.jad
-
Size
38KB
-
MD5
0f419239d517915b2e7210af73f89bdc
-
SHA1
87ec31718a1c2bb1410e2bb6a0ceb354e3a44792
-
SHA256
39ad3c55d9bb5b88af00b13fff416fe5f2b396a1c3e539ce2f11c14ac429a99b
-
SHA512
323658070000b48503eec4b60f87888f9a31f5a3e9fc1c01c2bfe7a42d829d7b57591998800c893ee8bcbdeb65ddadb962d03c6963d71cad92e658cc46deeb1a
-
SSDEEP
768:KeVSY9TMQMhHGWJDWrAJ890hMIt+i+0tk4utwlJNEtQXa35zCkFg:hVSqTMsQJ8mhki+8utwl6QXnk+
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 9 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\0f419239d517915b2e7210af73f89bdc.jad1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\0f419239d517915b2e7210af73f89bdc.jad2⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\0f419239d517915b2e7210af73f89bdc.jad"3⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
3KB
MD5c2e12daae344da2835312717cbee4187
SHA1c03c0977ab61cd4f30dada016eddc3dd691ffdd5
SHA2565cc9c0b7d5acf14bb1e163b17255aaea98380e30a784004dd2ab66fc8681ca30
SHA512ae10ca0d60c5edf7e04a10c6ea46f8d534e77a44b2a55b653e1dd924ae0f7883bab9474e8649c2274096b7052b130de7cad9088f7138dbf8c1b99eb12aa208a4