8e819e9d13fcd3fd2924dc1e417d52d312554dfc5cd15dcc3577909abf43a162

Analysis

max time kernel
15s
max time network
146s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 04:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

27df67fff0cb54d50b02144f6276b7ad.jad
Size

68KB
MD5

27df67fff0cb54d50b02144f6276b7ad
SHA1

03e8d79e1083c0fedacb4a270bc95483be9baee9
SHA256

8e819e9d13fcd3fd2924dc1e417d52d312554dfc5cd15dcc3577909abf43a162
SHA512

18e040bf4ad1a1f601ece58e1bdfdc700e6ecdcae3b43b2ef6ed55b0c79f9c8b43fcab8d4db5968ddab1dd38eb79d056a7fc3817e6ee62e500eadf1a472ad8b1
SSDEEP

1536:EjUcFC+MEcAwy7GtW2insgvrGoZNGtW2insgvrGoZD:EjUctoc7ZsArG8ZsArG4

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2108 wrote to memory of 2668	2108	cmd.exe	29
PID 2108 wrote to memory of 2668	2108	cmd.exe	29
PID 2108 wrote to memory of 2668	2108	cmd.exe	29

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\27df67fff0cb54d50b02144f6276b7ad.jad
1⤵
- Suspicious use of WriteProcessMemory
PID:2108
- C:\Windows\system32\rundll32.exe
  "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\27df67fff0cb54d50b02144f6276b7ad.jad
  2⤵
  PID:2668
- - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
    "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\27df67fff0cb54d50b02144f6276b7ad.jad"
    3⤵
    PID:2568

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
d8b226593196fdd067c86ae568f90b54

SHA1
0841b32adeebd7cedc5889c944f90373b3f57b42

SHA256
ab1dfa2f844a44996f3e61e79636beb85fdd5df036f547c96951f06448bd78c7

SHA512
1a164dd8f508e8ba546b61aee730a71f7da3189d43d292ca8edfef4cf1a3b6395feecb38ec3a2e275121c3ecfa22832f051370118eaf46fdf7ee9b6869a8df5e

Download Submit