Analysis
-
max time kernel
270s -
max time network
138s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
-
submitted
22-01-2024 21:54
General
-
Target
Disney Tarzan/TARZAN/tarzan.exe
-
Size
1.1MB
-
MD5
eca7d4ba9bbb4695495578e0e7d69485
-
SHA1
1862e7938db16faaa486d054ff02113d271833a2
-
SHA256
e9abf3193ca0a98101fd9f784a012dcc581e527878e7a2c3df99c507d97ab111
-
SHA512
a3da7d355851cc5b7e83c41413c71cf7908e01812110950c98dd9239cc3b7a733cb1bb0490aa58fae983d1531c18c75ea52564794e9624fde4dc1a133a9a2e5b
-
SSDEEP
12288:xljqnA1aln7oOJyFg9LCN66gpJfaogUopHtTEgr6Lj3G3m7hd74QzWZzA/Io:xleACn7oOJyFELC0cb8AIhdMoWp2
Score
8/10
Malware Config
Signatures
-
Blocklisted process makes network request 2 IoCs
-
Enumerates connected drives 3 TTPs 1 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 3 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\Disney Tarzan\TARZAN\tarzan.exe"C:\Users\Admin\AppData\Local\Temp\Disney Tarzan\TARZAN\tarzan.exe"1⤵
- Enumerates connected drives
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exeC:\Windows\system32\rundll32.exe C:\Windows\system32\gameux.dll,GameUXShim {8aea69cd-af7d-4a47-a01c-4b692443b1e0};C:\Users\Admin\AppData\Local\Temp\Disney Tarzan\TARZAN\tarzan.exe;30402⤵
- Blocklisted process makes network request
- Modifies registry class
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
8.3MB
-
Filesize
8.3MB