35f8d2b76d36ac7934b0ff7dc727a993b3f76ec46795ec0e8dfd9d10dcc16f64

Analysis

max time kernel
117s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
11-01-2024 10:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

53464f19ac949118abf7338ad60110c7.jad
Size

68KB
MD5

53464f19ac949118abf7338ad60110c7
SHA1

c04283d88102ec78c219724fde82f1ca1234ef13
SHA256

35f8d2b76d36ac7934b0ff7dc727a993b3f76ec46795ec0e8dfd9d10dcc16f64
SHA512

9399bb17eb188a424f4a624659a530e6af17e950d8bf3146db56af2baef781be3ed3d46cc7132a1cf0fb2035e4e6883d2725aac1f23f41b1749974f20448064e
SSDEEP

1536:EjUcFC+MEcbwy7GtW2insgvrGoZNGtW2insgvrGoZz:EjUcto17ZsArG8ZsArGo

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 9 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000_CLASSES\jad_auto_file\shell\Read	rundll32.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000_CLASSES\jad_auto_file\shell	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000_CLASSES\jad_auto_file\shell\Read\command\ = "\"C:\\Program Files (x86)\\Adobe\\Reader 9.0\\Reader\\AcroRd32.exe\" \"%1\""	rundll32.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000_CLASSES\.jad	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000_CLASSES\.jad\ = "jad_auto_file"	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000_CLASSES\jad_auto_file\	rundll32.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000_CLASSES\jad_auto_file\shell\Read\command	rundll32.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000_Classes\Local Settings	rundll32.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000_CLASSES\jad_auto_file	rundll32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2708	AcroRd32.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2708	AcroRd32.exe
2708	AcroRd32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2676 wrote to memory of 2748	2676	cmd.exe	29
PID 2676 wrote to memory of 2748	2676	cmd.exe	29
PID 2676 wrote to memory of 2748	2676	cmd.exe	29
PID 2748 wrote to memory of 2708	2748	rundll32.exe	30
PID 2748 wrote to memory of 2708	2748	rundll32.exe	30
PID 2748 wrote to memory of 2708	2748	rundll32.exe	30
PID 2748 wrote to memory of 2708	2748	rundll32.exe	30

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\53464f19ac949118abf7338ad60110c7.jad
1⤵
- Suspicious use of WriteProcessMemory
PID:2676
- C:\Windows\system32\rundll32.exe
  "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\53464f19ac949118abf7338ad60110c7.jad
  2⤵
  - Modifies registry class
  - Suspicious use of WriteProcessMemory
  PID:2748
- - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
    "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\53464f19ac949118abf7338ad60110c7.jad"
    3⤵
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of SetWindowsHookEx
    PID:2708

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
0f680156a1322b2aad8c584c0b605694

SHA1
9fdd4266fde50d8e1cf7ae94764dea54c095f745

SHA256
8ef2b27756558dd40f99ebfae63ee06375aa81050556e5a2c862f0e9ce584241

SHA512
a7e443263dd9ffccf1fd06011932426c16d1f52b51e87d3565212e14f587a24fa623a7585e2e56be84c658c7c7918e5c25335f145be0b9e0287aac5b06329510

Download Submit