Analysis

  • max time kernel
    150s
  • max time network
    145s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    22/02/2024, 18:13

General

  • Target

    chrome_100_percent.pak

  • Size

    138KB

  • MD5

    0fd0a948532d8c353c7227ae69ed7800

  • SHA1

    c6679bfb70a212b6bc570cbdf3685946f8f9464c

  • SHA256

    69a3916ed3a28cd5467b32474a3da1c639d059abbe78525a3466aa8b24c722bf

  • SHA512

    0ee0d16ed2afd7ebd405dbe372c58fd3a38bb2074abc384f2c534545e62dfe26986b16df1266c5807a373e296fe810554c480b5175218192ffacd6942e3e2b27

  • SSDEEP

    3072:48Kzw9bpM/OO3eS2Z8Gb0+VRLf0ld0GY3cQ3F2DExm/KLQ2I:9Kzw96/xm8Gb0OV8ld0GecQ3mExhLY
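The report identifies the target only by name and hashes. A first triage check, added here and not part of the sandbox report, is to confirm that the bytes really follow the Chromium data-pack layout a file named chrome_100_percent.pak should have: the format as implemented by Chromium's tools/grit data_pack.py (version 4 header of uint32 version, uint32 resource count, uint8 encoding; version 5 header of uint32 version, uint8 encoding, 3 bytes padding, uint16 resource count, uint16 alias count; then a uint16 id / uint32 offset index with a trailing sentinel entry and, in v5, a uint16/uint16 alias table). The sample's bytes are not on this page, so the block builds a small constructed v5 pack to parse; the assumption is that the submitted file is a genuine pack, and running parse_pak on the real file is how you find out.

```python
"""Check that a file claiming to be a Chromium .pak has the data-pack layout.

Added example; follows the format in Chromium's tools/grit/grit/format/data_pack.py
(versions 4 and 5). The sample pack built by build_pak_v5 is constructed test
input, not the chrome_100_percent.pak from the report."""
import struct

HEADER_V4 = struct.Struct("<IIB")      # version, resource_count, encoding
HEADER_V5 = struct.Struct("<IBxxxHH")  # version, encoding, pad, resource_count, alias_count
ENTRY = struct.Struct("<HI")           # resource id, byte offset of its data
ALIAS = struct.Struct("<HH")           # resource id, index into the entry table
ENCODINGS = {0: "BINARY", 1: "UTF8", 2: "UTF16"}


def parse_pak(data: bytes) -> dict:
    """Parse a data pack; raise ValueError if the layout is inconsistent."""
    if len(data) < 4:
        raise ValueError("too short for a data pack header")
    version = struct.unpack_from("<I", data, 0)[0]
    if version == 4 and len(data) >= HEADER_V4.size:
        _, count, enc = HEADER_V4.unpack_from(data, 0)
        alias_count, hdr = 0, HEADER_V4.size
    elif version == 5 and len(data) >= HEADER_V5.size:
        _, enc, count, alias_count = HEADER_V5.unpack_from(data, 0)
        hdr = HEADER_V5.size
    else:
        raise ValueError(f"unknown data pack version {version} or truncated header")
    if enc not in ENCODINGS:
        raise ValueError(f"unknown encoding byte {enc}")

    table_end = hdr + (count + 1) * ENTRY.size + alias_count * ALIAS.size
    if table_end > len(data):
        raise ValueError("index table runs past end of file")
    entries = [ENTRY.unpack_from(data, hdr + i * ENTRY.size) for i in range(count + 1)]
    # Offsets must be non-decreasing, start after the tables and end inside the file;
    # a renamed payload with a forged header usually fails here.
    offsets = [off for _, off in entries]
    if offsets != sorted(offsets) or offsets[0] < table_end or offsets[-1] > len(data):
        raise ValueError("resource offsets are not monotonic or point outside the file")
    resources = {}
    for (rid, start), (_, end) in zip(entries, entries[1:]):
        resources[rid] = data[start:end]

    aliases = {}
    base = hdr + (count + 1) * ENTRY.size
    for i in range(alias_count):
        rid, idx = ALIAS.unpack_from(data, base + i * ALIAS.size)
        if idx >= count:
            raise ValueError("alias points past the entry table")
        aliases[rid] = entries[idx][0]
        resources[rid] = resources[entries[idx][0]]
    return {"version": version, "encoding": ENCODINGS[enc],
            "resources": resources, "aliases": aliases}


def is_data_pack(data: bytes) -> bool:
    """True if parse_pak accepts the bytes as a consistent data pack."""
    try:
        parse_pak(data)
        return True
    except ValueError:
        return False


def build_pak_v5(resources: dict, aliases: dict, encoding: int = 1) -> bytes:
    """Build a minimal v5 pack (constructed test input, not the report's sample)."""
    ids = sorted(resources)
    hdr = HEADER_V5.pack(5, encoding, len(ids), len(aliases))
    offset = HEADER_V5.size + (len(ids) + 1) * ENTRY.size + len(aliases) * ALIAS.size
    index, body = b"", b""
    for rid in ids:
        index += ENTRY.pack(rid, offset)
        body += resources[rid]
        offset += len(resources[rid])
    index += ENTRY.pack(0, offset)  # sentinel entry marks the end of the last resource
    for rid in sorted(aliases):
        index += ALIAS.pack(rid, ids.index(aliases[rid]))
    return hdr + index + body


if __name__ == "__main__":
    import sys
    path = sys.argv[1] if len(sys.argv) > 1 else None
    blob = open(path, "rb").read() if path else build_pak_v5({100: b"hello"}, {})
    info = parse_pak(blob)
    print(f"data pack v{info['version']} {info['encoding']}: "
          f"{len(info['resources'])} resources, {len(info['aliases'])} aliases")
```

A file that parses cleanly but still gets a 3/10 from the sandbox is the expected outcome for a resource pack; a parse failure on a file with this name would be the interesting result.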

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\chrome_100_percent.pak
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2720
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\chrome_100_percent.pak
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2752
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\chrome_100_percent.pak"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2372
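The process tree above is the Windows "no handler" path rather than execution of the sample: cmd /c on a file with no associated ProgID hands it to shell32!OpenAs_RunDLL, which shows the Open With picker, and the sandbox's choice (Adobe Reader here) is what the picker launched. The following is an added example, not the sandbox's own logic, that recognizes that chain in process-creation events; the event records are constructed from the Processes section, and the field names pid/ppid/image/cmdline are this example's own.

```python
"""Classify a sandbox process tree: was the submitted file run, or only handed
to the Windows "Open With" dialog because nothing is registered for its extension?

Added example; the rule logic is the editor's, not the sandbox's. EVENTS is
constructed from the report's Processes section (field names are this example's)."""
import ntpath
import re

EVENTS = [
    {"pid": 2720, "ppid": 0, "image": r"C:\Windows\system32\cmd.exe",
     "cmdline": r"cmd /c C:\Users\Admin\AppData\Local\Temp\chrome_100_percent.pak"},
    {"pid": 2752, "ppid": 2720, "image": r"C:\Windows\system32\rundll32.exe",
     "cmdline": r'"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\chrome_100_percent.pak'},
    {"pid": 2372, "ppid": 2752, "image": r"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe",
     "cmdline": r'"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\chrome_100_percent.pak"'},
]

# shell32!OpenAs_RunDLL is the shell's fallback when no ProgID is associated
# with the extension: it shows the "Open With" picker instead of running anything.
OPENAS_RE = re.compile(r"shell32\.dll,OpenAs_RunDLL\s+\"?(.+?)\"?\s*$", re.I)
CMD_C_RE = re.compile(r"\s/c\s+\"?(.+?)\"?\s*$", re.I)


def classify_chain(events):
    """Return {'verdict', 'target', 'extension', 'viewer'} for a process tree.

    verdict is 'open_with_fallback' when cmd /c <file> led to
    rundll32 shell32.dll,OpenAs_RunDLL <file>; otherwise 'executed_or_unknown'
    (the file may have had a real handler, or the tree is too short to tell)."""
    by_pid = {e["pid"]: e for e in events}
    result = {"verdict": "executed_or_unknown", "target": None,
              "extension": None, "viewer": None}
    for e in events:
        m = OPENAS_RE.search(e["cmdline"])
        if not m or not e["image"].lower().endswith("rundll32.exe"):
            continue
        target = m.group(1)
        parent = by_pid.get(e["ppid"])
        if parent is None or not parent["image"].lower().endswith("cmd.exe"):
            continue
        pm = CMD_C_RE.search(parent["cmdline"])
        if not pm or pm.group(1).lower() != target.lower():
            continue
        # Whatever the picker chose appears as a child of rundll32 that received the same path.
        viewer = next((c["image"] for c in events
                       if c["ppid"] == e["pid"] and target.lower() in c["cmdline"].lower()), None)
        result.update(verdict="open_with_fallback", target=target,
                      extension=ntpath.splitext(target)[1].lower(), viewer=viewer)
        break
    return result


if __name__ == "__main__":
    r = classify_chain(EVENTS)
    print(f"{r['verdict']}: {r['extension']} file {r['target']} -> viewer {r['viewer']}")
```

Read against the signatures above: the WriteProcessMemory hits on cmd.exe and rundll32.exe coincide with each one creating its child in this tree, and the SetWindowsHookEx and GetForegroundWindowSpam hits sit on the viewer the picker launched, not on the sample. None of that shows the .pak bytes being executed, which is consistent with the 3/10 score.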

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

          Filesize

          3KB

          MD5

          d8d8aedca043ed321700c77b5d2adfc0

          SHA1

          fec96818f45b59064cb18299606caa02bb8b12ba

          SHA256

          ee9eb1f8c1fdf4506e65288e19973d3da202c794bf67d93992b750f8fe32a4d0

          SHA512

          681eacc26b26da7623c478df967e5c46fe0eec89f818e0744b506a49d9fd1af0bffb2c2cd11f12f7faf5d1da4b6dcbec2d724abcd2f4fe062ba6d095a3a260e2