Analysis
-
max time kernel
0s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
-
submitted
26/12/2023, 06:38
General
-
Target
5a16eb45598f7c31dae0b72f0f8747ca.jad
-
Size
68KB
-
MD5
5a16eb45598f7c31dae0b72f0f8747ca
-
SHA1
683daf1875d125effc3bbe31e462090bd964c395
-
SHA256
54a5d695f6338e233f792429c1127a5cc4a237865c4c197741ba20fbabc4425d
-
SHA512
1ef6cd4e1193f2f3ca53e7f7cd0704f32bf9f6b0c9228fb25d552f1fe3b1fd35c52955a7aead27abfc1460c5e4de326d09c7a2ac6c840f8b29145e38cfb91790
-
SSDEEP
1536:EjUcFC+MEcxwy7GtW2insgvrGoZNGtW2insgvrGoZF:EjUctoP7ZsArG8ZsArGK
Score
3/10
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\5a16eb45598f7c31dae0b72f0f8747ca.jad1⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\5a16eb45598f7c31dae0b72f0f8747ca.jad"2⤵
-
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\5a16eb45598f7c31dae0b72f0f8747ca.jad1⤵
- Suspicious use of WriteProcessMemory
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
3KB
MD5b0e11bdd36c488aa70517fcf4c1c2f88
SHA1e509b2eeacd3ad36d819b180d141d0644f41f2be
SHA2567569c99b4aaaba589cbbd9e45d2e21761ca3a253edb65a7d2a5f9c7909aff4d8
SHA5126e7c4c4364cf23e1c0823a9f938fe2d6be9378d32bf505eb25db99d56d452256f2a8a4a31bf1d545a6afe6b75cde9763768fdd5f6a987c3e602cc9fc32c690c8