Overview

overview

3

Static

static

1

ubuntu-arc...pg.sig

windows7-x64

3

ubuntu-arc...pg.sig

windows10-2004-x64

3

Analysis

  • max time kernel
    314s
  • max time network
    318s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    11/02/2024, 18:37

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    ubuntu-archive-keyring.gpg.sig

  • Size

    11KB

  • MD5

    99d0813d58f8e43532c7757b02cebe69

  • SHA1

    a66cbfc3faaa1757e6c2c47ff813d7fd84c2f1fb

  • SHA256

    2fa858947f7ce07d51213daa92772847f7ef421db7b3e6503a8ad5366ef86fce

  • SHA512

    35674fe4f0fccd0830045702bac4386484911442943cdc6e84188b7c1f119b9150899cda01c50cbc96c472001c02ce07cce88c883ff570059346a167078a7a72

  • SSDEEP

    192:vRpynyeZJUHT46SwlAPHEUWX9Eogj1Dc96pTnWtSpZWXmgvu23vp03SQ79CLsyg7:vPUU06Swl4BC9EogDcgNW07WtvuSu79x

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\ubuntu-archive-keyring.gpg.sig
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1932
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\ubuntu-archive-keyring.gpg.sig
      2⤵
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      PID:2728

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads