Overview

overview

3

Static

static

1

563653658d...fc.jad

windows7-x64

3

563653658d...fc.jad

windows10-2004-x64

3

Analysis

  • max time kernel
    155s
  • max time network
    62s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    26/12/2023, 04:59

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    563653658d7b70d1c00129e9433ec2fc.jad

  • Size

    282KB

  • MD5

    563653658d7b70d1c00129e9433ec2fc

  • SHA1

    806848f9051b92d388ab476c3a586977b84340e1

  • SHA256

    6809bb9bfa9c8ccc122a5cd06acdbbc9f245cc987f8e9246dbfb5f912d9632d9

  • SHA512

    c1a74ee8c4f9401bae4dbb1a906def70b9ececc003e691678c56dfeb79956332737b8c1bfc018a82dd2a0f32f2c067f36091beae5eaf20329dea473bd4b2dda2

  • SSDEEP

    6144:D47xFDZO11CsDvigYggnk5QdL0UOYbCUE67N5:07BJsTigY5k0XOYbdE67L

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\563653658d7b70d1c00129e9433ec2fc.jad
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2572
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\563653658d7b70d1c00129e9433ec2fc.jad
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2584
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\563653658d7b70d1c00129e9433ec2fc.jad"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:1652

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
          Filesize

          3KB

          MD5

          8d5dd784eb30d9e2b2442b81acb5b2c0

          SHA1

          b2fb2a67772c7a1106dae649971b8f166b4f6704

          SHA256

          6114527a6ab1f451f6b749d59615062713a9980501b7ee216564c5e39383d5a2

          SHA512

          0b09ae747f76c645c7b544468a18c9ac3d9d692068ba760dacfc2b057f53cd6dcb395774f860931f828a639df3e1614e2a93d506983dd0471fdc1cb2e23e9447

          Download Submit