Overview

overview

4

Static

static

3

windows95-....1.zip

windows7-x64

1

windows95-....1.zip

windows10-2004-x64

1

locales\af.pak

windows7-x64

3

locales\af.pak

windows10-2004-x64

3

locales\am.pak

windows7-x64

3

locales\am.pak

windows10-2004-x64

3

locales\ar.pak

windows7-x64

4

locales\ar.pak

windows10-2004-x64

3

locales\bg.pak

windows7-x64

3

locales\bg.pak

windows10-2004-x64

1

locales\bn.pak

windows7-x64

3

locales\bn.pak

windows10-2004-x64

3

locales\ca.pak

windows7-x64

3

locales\ca.pak

windows10-2004-x64

1

locales\cs.pak

windows7-x64

1

locales\cs.pak

windows10-2004-x64

3

locales\da.pak

windows7-x64

3

locales\da.pak

windows10-2004-x64

1

locales\de.pak

windows7-x64

1

locales\de.pak

windows10-2004-x64

3

locales\el.pak

windows7-x64

3

locales\el.pak

windows10-2004-x64

3

locales\en-GB.pak

windows7-x64

1

locales\en-GB.pak

windows10-2004-x64

3

locales\en-US.pak

windows7-x64

3

locales\en-US.pak

windows10-2004-x64

3

locales\es-419.pak

windows7-x64

3

locales\es-419.pak

windows10-2004-x64

3

locales\es.pak

windows7-x64

3

locales\es.pak

windows10-2004-x64

3

locales\et.pak

windows7-x64

3

locales\et.pak

windows10-2004-x64

3

Analysis

  • max time kernel
    98s
  • max time network
    302s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    03/01/2024, 19:37

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    locales\am.pak

  • Size

    531KB

  • MD5

    8e8fbaad0de95893785875e20cfbe5f3

  • SHA1

    f179e4db197a974e1e428f0bcb9cb1bc09df04f4

  • SHA256

    f62791089b07bb9796292e5e3fd81eb1e68f3adba0fcc88fea4df744dbad6775

  • SHA512

    93cfc2f82d3f83dd992ba758d067055cc26bae5c2e9b1ecd6974f4143c22da405bc6845d2d2a811ff043ff1cd55929ed04a6f929ae01ac211c781d4786a90246

  • SSDEEP

    12288:oI+uzxX8xMzKsE1gI5z9SBeuWqQ9x30jH8+I:oIVX8xMzKn1gI5z9SB6qQZ

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\locales\am.pak
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2860
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\locales\am.pak
      2⤵
        PID:2444
        • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
          "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\locales\am.pak"
          3⤵
            PID:268

      Network

            MITRE ATT&CK Enterprise v15

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
              Filesize

              3KB

              MD5

              a65ff293a3b0f70b3652caaa7409439b

              SHA1

              1568c2c21f9d27b4c60c60cbca502297ef23156e

              SHA256

              385d6db1206e12e2960b4c676b2a4cb848164f6508c5f6279abca944b74f59cd

              SHA512

              e23629745b2ef053afa9232596cd6bdf7ba3e17dd45a1669e8ed9521f8bec4f61a8820686644166fbf0e5d87dfc601914e74591b57f905ae128d9317b10fd2f7

              Download Submit