9075fa0067a3b9b3f07335b12580e135786372d2102449228e3afd62dfbfa458

Analysis

max time kernel
14s
max time network
132s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 22:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1e86a0f0cbc5cd432f44a43e344f661f.jad
Size

8KB
MD5

1e86a0f0cbc5cd432f44a43e344f661f
SHA1

f6098768cab0c84d4d0c68508401e5f344a181f1
SHA256

9075fa0067a3b9b3f07335b12580e135786372d2102449228e3afd62dfbfa458
SHA512

f1290f6e45920007b0d1d67b4e13f5bacc69f686c35cec79fb0e45c6aaaeb34a0aa804279fd5100ecc6c40db27ebf12a4a1e7ab1737408533912a1cc54b499fe
SSDEEP

192:Fdh0xCAV4iJ9worfEmfLF8kRXF54NnFyZGOPM2YSS9mU:Hh0VlCwf3TR154CZGx2Yhj

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2636 wrote to memory of 2704	2636	cmd.exe	22
PID 2636 wrote to memory of 2704	2636	cmd.exe	22
PID 2636 wrote to memory of 2704	2636	cmd.exe	22

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\1e86a0f0cbc5cd432f44a43e344f661f.jad
1⤵
- Suspicious use of WriteProcessMemory
PID:2636
- C:\Windows\system32\rundll32.exe
  "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\1e86a0f0cbc5cd432f44a43e344f661f.jad
  2⤵
  PID:2704
- - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
    "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\1e86a0f0cbc5cd432f44a43e344f661f.jad"
    3⤵
    PID:2992

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
61a761bf6fde3192d979b2b84d7cbf8f

SHA1
c4e144ffce4226bef45d2959037592b16780075e

SHA256
f8341522275366cc38dbeba9b4999f439f6d16819784413a500271edb54002f6

SHA512
1d7b1fa9c8eba8f8267a1350fa866c9adef82df5ee07fab354b1cb2c76b8af8cd9497395ece1d1a5097cba9af3456ad4915d85a7668741fb3b39bca8e232f7b5

Download Submit