Analysis
-
max time kernel
120s -
max time network
124s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
-
submitted
25-12-2023 12:27
General
-
Target
1e4d4c2e9ba9465d5c65ad99e467a565.jad
-
Size
62KB
-
MD5
1e4d4c2e9ba9465d5c65ad99e467a565
-
SHA1
a09b729e9a7a999b0c3ac191e1bd763b6bcbef68
-
SHA256
57327aab311e25a58f0c71cfc837b6b7b9644531aa42d943a844da47acdbf48e
-
SHA512
5203469d771b75ac73e59b5dc3d7cc48056c042b9dda92b1fb3f037095cb81075bdc1341084b68702e1e2d828b629011c607db338e391c78e5c3169e0ab74b1d
-
SSDEEP
1536:BKjedtiZG3UfRjdAahAWVZaEJ3v1ZdjEVCDoobyqd8jGX:BKjaIZG3UJjdAEZaERNEC38jE
Score
3/10
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 9 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\1e4d4c2e9ba9465d5c65ad99e467a565.jad1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\1e4d4c2e9ba9465d5c65ad99e467a565.jad2⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\1e4d4c2e9ba9465d5c65ad99e467a565.jad"3⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
3KB
MD57fd006b2a6a2af4e95fb7861f2a388ba
SHA1b23df9b8fbe29f822c723c5ce584d35897e3bf70
SHA256780b8bd09f68720a0c0aeaf6e37f241a9b0a85a81c57ced834fc891a5ecc06f0
SHA51201ed3a1618c1120e470907a6f7d7ccc2d56998a9986511847a7f09d53f11a5f108867b1f31b2a938cc263e52b0358ba9d98c62c2dfd063e7c0c8e18bfb25a16f