06cac562c42b1d366e8c54371e0009771a8fb9750d7cfaa768947a3299b21399

Analysis

max time kernel
0s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 15:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

297f8bc0bae3506c40b0784ed5dd3e3c.jad
Size

68KB
MD5

297f8bc0bae3506c40b0784ed5dd3e3c
SHA1

bf1076086bf44023bcf9c74a8f080837f29a7437
SHA256

06cac562c42b1d366e8c54371e0009771a8fb9750d7cfaa768947a3299b21399
SHA512

0e3a44e8e6e358f6c7b43fc99b780c582e3bb4cb27fb5eb0d2d16edf60ebd8e9c19f8f72876f709c87a586824e39e0c442fd02180976f0c51e88ae198f51d4f2
SSDEEP

1536:EjUcFC+MEcnfwy7GtW2insgvrGoZNGtW2insgvrGoZ3:EjUctox7ZsArG8ZsArG8

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2932 wrote to memory of 2780	2932	cmd.exe	15
PID 2932 wrote to memory of 2780	2932	cmd.exe	15
PID 2932 wrote to memory of 2780	2932	cmd.exe	15

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\297f8bc0bae3506c40b0784ed5dd3e3c.jad
1⤵
PID:2780
- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
  "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\297f8bc0bae3506c40b0784ed5dd3e3c.jad"
  2⤵
  PID:2180

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\297f8bc0bae3506c40b0784ed5dd3e3c.jad
1⤵
- Suspicious use of WriteProcessMemory
PID:2932

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
10195a25be38cacf87f143c2b379ead1

SHA1
948d5a8b15de8827bbaa753bd0348a127eb36ab9

SHA256
ad2b0bb50aa6a884d638b1ae7e642d2ecde0a34e9993920bd460aed19ebdf2f8

SHA512
492d5c08a4008d434cd22a1e59a1fbd95cd9a15fa2fc46c5035d55a0c2e1977a7e795534b21e2761a8c9ac1cc440c6a109631cb83d0099e3899d6d6f2f79be92

Download Submit