Analysis Overview
SHA256
441a9a9122532db11528624304aed8df2c43a75312641ab101dc63f881374fe0
Threat Level: Shows suspicious behavior
The file 2018-Malware-Repository-main.zip was found to be: Shows suspicious behavior.
Malicious Activity Summary
UPX packed file
PDF contains JavaScript
Drops file in Windows directory
HTTP links in PDF interactive object
One or more HTTP URLs in PDF identified
Unsigned PE
Enumerates physical storage devices
Modifies registry class
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-01-24 01:48
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
PDF contains JavaScript
HTTP links in PDF interactive object
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
One or more HTTP URLs in PDF identified
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-01-24 01:46
Reported
2024-01-24 01:52
Platform
win7-20231215-en
Max time kernel
118s
Max time network
125s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | \??\c:\windows\installer\{ac76ba86-7ad7-1033-7b44-a90000000001}\pdffile_8.ico | C:\Users\Admin\AppData\Local\Temp\2018-Malware-Repository-main\Auto spreader\USB Spreader\USB_Spreader.exe | N/A |
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlgLegacy\{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}\Sort = 000000000000000000000000000000000200000030f125b7ef471a10a5f102608c9eebac0a0000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff | C:\Users\Admin\AppData\Local\Temp\2018-Malware-Repository-main\Auto spreader\USB Spreader\USB_Spreader.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlgLegacy\{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000007800000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\Users\Admin\AppData\Local\Temp\2018-Malware-Repository-main\Auto spreader\USB Spreader\USB_Spreader.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots | C:\Users\Admin\AppData\Local\Temp\2018-Malware-Repository-main\Auto spreader\USB Spreader\USB_Spreader.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 | C:\Users\Admin\AppData\Local\Temp\2018-Malware-Repository-main\Auto spreader\USB Spreader\USB_Spreader.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02 | C:\Users\Admin\AppData\Local\Temp\2018-Malware-Repository-main\Auto spreader\USB Spreader\USB_Spreader.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlgLegacy\TV_FolderType = "{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9}" | C:\Users\Admin\AppData\Local\Temp\2018-Malware-Repository-main\Auto spreader\USB Spreader\USB_Spreader.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlgLegacy\{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}\IconSize = "16" | C:\Users\Admin\AppData\Local\Temp\2018-Malware-Repository-main\Auto spreader\USB Spreader\USB_Spreader.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | C:\Users\Admin\AppData\Local\Temp\2018-Malware-Repository-main\Auto spreader\USB Spreader\USB_Spreader.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 | C:\Users\Admin\AppData\Local\Temp\2018-Malware-Repository-main\Auto spreader\USB Spreader\USB_Spreader.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1 | C:\Users\Admin\AppData\Local\Temp\2018-Malware-Repository-main\Auto spreader\USB Spreader\USB_Spreader.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders | C:\Users\Admin\AppData\Local\Temp\2018-Malware-Repository-main\Auto spreader\USB Spreader\USB_Spreader.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlgLegacy\{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}\FFlags = "1092616257" | C:\Users\Admin\AppData\Local\Temp\2018-Malware-Repository-main\Auto spreader\USB Spreader\USB_Spreader.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff | C:\Users\Admin\AppData\Local\Temp\2018-Malware-Repository-main\Auto spreader\USB Spreader\USB_Spreader.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff | C:\Users\Admin\AppData\Local\Temp\2018-Malware-Repository-main\Auto spreader\USB Spreader\USB_Spreader.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlgLegacy\TV_TopViewID = "{82BA0782-5B7A-4569-B5D7-EC83085F08CC}" | C:\Users\Admin\AppData\Local\Temp\2018-Malware-Repository-main\Auto spreader\USB Spreader\USB_Spreader.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\2018-Malware-Repository-main\Auto spreader\USB Spreader\USB_Spreader.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f4225481e03947bc34db131e946b44c8dd50000 | C:\Users\Admin\AppData\Local\Temp\2018-Malware-Repository-main\Auto spreader\USB Spreader\USB_Spreader.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 9e0000001a00eebbfe23000010007db10d7bd29c934a973346cc89022e7c00002a0000000000efbe000000200000000000000000000000000000000000000000000000000100000020002a0000000000efbe7e47b3fbe4c93b4ba2bad3f5d3cd46f98207ba827a5b6945b5d7ec83085f08cc20002a0000000000efbe000000200000000000000000000000000000000000000000000000000100000020000000 | C:\Users\Admin\AppData\Local\Temp\2018-Malware-Repository-main\Auto spreader\USB Spreader\USB_Spreader.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlgLegacy | C:\Users\Admin\AppData\Local\Temp\2018-Malware-Repository-main\Auto spreader\USB Spreader\USB_Spreader.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlgLegacy | C:\Users\Admin\AppData\Local\Temp\2018-Malware-Repository-main\Auto spreader\USB Spreader\USB_Spreader.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff | C:\Users\Admin\AppData\Local\Temp\2018-Malware-Repository-main\Auto spreader\USB Spreader\USB_Spreader.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff | C:\Users\Admin\AppData\Local\Temp\2018-Malware-Repository-main\Auto spreader\USB Spreader\USB_Spreader.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1" | C:\Users\Admin\AppData\Local\Temp\2018-Malware-Repository-main\Auto spreader\USB Spreader\USB_Spreader.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlgLegacy\TV_TopViewVersion = "0" | C:\Users\Admin\AppData\Local\Temp\2018-Malware-Repository-main\Auto spreader\USB Spreader\USB_Spreader.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlgLegacy\{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC} | C:\Users\Admin\AppData\Local\Temp\2018-Malware-Repository-main\Auto spreader\USB Spreader\USB_Spreader.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlgLegacy\{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}\FFlags = "1" | C:\Users\Admin\AppData\Local\Temp\2018-Malware-Repository-main\Auto spreader\USB Spreader\USB_Spreader.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell | C:\Users\Admin\AppData\Local\Temp\2018-Malware-Repository-main\Auto spreader\USB Spreader\USB_Spreader.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags | C:\Users\Admin\AppData\Local\Temp\2018-Malware-Repository-main\Auto spreader\USB Spreader\USB_Spreader.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlgLegacy\{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9} | C:\Users\Admin\AppData\Local\Temp\2018-Malware-Repository-main\Auto spreader\USB Spreader\USB_Spreader.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlgLegacy\{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}\Mode = "4" | C:\Users\Admin\AppData\Local\Temp\2018-Malware-Repository-main\Auto spreader\USB Spreader\USB_Spreader.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlgLegacy\{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}\LogicalViewMode = "1" | C:\Users\Admin\AppData\Local\Temp\2018-Malware-Repository-main\Auto spreader\USB Spreader\USB_Spreader.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2018-Malware-Repository-main\Auto spreader\USB Spreader\USB_Spreader.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\2018-Malware-Repository-main\Auto spreader\USB Spreader\USB_Spreader.exe
"C:\Users\Admin\AppData\Local\Temp\2018-Malware-Repository-main\Auto spreader\USB Spreader\USB_Spreader.exe"
C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
Network
Files
memory/2976-0-0x0000000000400000-0x0000000000482000-memory.dmp
memory/2976-1-0x00000000001C0000-0x00000000001C1000-memory.dmp
memory/2976-2-0x0000000000400000-0x0000000000482000-memory.dmp
memory/2976-3-0x0000000000400000-0x0000000000482000-memory.dmp