Analysis
-
max time kernel
120s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
-
submitted
30-12-2023 21:00
General
-
Target
1c5fa633396a2e8e8b476174154a6da7.jad
-
Size
581KB
-
MD5
1c5fa633396a2e8e8b476174154a6da7
-
SHA1
431098ee08d5fe1b7d4003d8e415b6d6f1f7edcd
-
SHA256
22c328778eb887d870ddb5f18e4f95294c290fd3b19d1a74b22c470c144d3151
-
SHA512
de16288b5c5167ae2c7280d2524c71e130de9f6fff22abf18bb80c15cced16c9b5b91318e380fedf77c21fc7deaf45dd287e184bb52df4c356369916f5dc049b
-
SSDEEP
12288:EU/vGAmSmkzxqnL8IvbgP7PP7a3/zGpVehl7WigKetWa2LbL:EGm0xqLtEDPO372Qhl7o2LH
Score
3/10
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 9 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\1c5fa633396a2e8e8b476174154a6da7.jad1⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\1c5fa633396a2e8e8b476174154a6da7.jad"2⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
-
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\1c5fa633396a2e8e8b476174154a6da7.jad1⤵
- Suspicious use of WriteProcessMemory
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
3KB
MD5a09b160ccaafed9617097c5c8973e1a0
SHA150bb1be97e0f31c9d25a36b0fad2b9d0c4725d0d
SHA25690ea06c7e8f96d1dbb8e1185b2eaab99deb66e9bcef8327cef2dd98865e96964
SHA512783ae506b060d0527e0d6d6b5b95a8779aa4d1a5897ae0d4147afe21bba3ef4f3162498617f9c73d88d22024fcf81b04ebfc5b206f1dd448478914a47ff0bd8c