Resubmissions

03/01/2024, 11:37

240103-nrbrbsfde9 10

03/01/2024, 11:09

240103-m9me4scgeq 10

Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64 arch:x86 image:win7-20231129-en locale:en-us os:windows7-x64 system
  • submitted
    03/01/2024, 11:37

General

  • Target

    1587-1-0x0000000008048000-0x0000000008057740-memory.dmp

  • Size

    60KB

  • MD5

    f29f4ba5349d19f3356b8698c0c954b5

  • SHA1

    879e2385f47112bdb8e41ab726d7382e73c9622e

  • SHA256

    37f38be0b43e53121d44ecba4d6762dc06a7b7c7fd2f57cbf89120b6409a090f

  • SHA512

    3f162335b6bf062ed231a088d94cf56a58c4027a9f2f3a7e6d0c795cebd048387145e72d8689ad7840c4f6f7e4a105271c5f15654e076982bc59619adf7abe5e

  • SSDEEP

    1536:kUEMAWwPQk16qHTWKRmyaSkDu4eFOVfr1:kUEMAWwr16qHTWKRmyaSmu4aOfr1

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\1587-1-0x0000000008048000-0x0000000008057740-memory.dmp
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2784
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\1587-1-0x0000000008048000-0x0000000008057740-memory.dmp
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:3012
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\1587-1-0x0000000008048000-0x0000000008057740-memory.dmp"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2736

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

    Filesize

    3KB

    MD5

    665032cdd0d0286836d4c7e2417f4c83

    SHA1

    26c36955f5bd6feb146691da65c9b8750019af7d

    SHA256

    bb97aa58809e0dfc1183235b5627c089df344981ab2f4da68a317bca16f2345a

    SHA512

    0e4c0c94e8edeffe115af3355d4677f543296b492700280be2b944f1cffa62082b30ad8e4a3b7d462f330c54d90bc71af4e4a5bf8530ed8418b17d1ff7f250b5