Analysis

  • max time kernel
    118s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    23/02/2024, 19:17

General

  • Target

    BO2 TU18/common_patch_mp.ff

  • Size

    742KB

  • MD5

    1c27e5da7bd8442439aed418e3305326

  • SHA1

    604098af095fd43cfa4b3791f7060a982f68b011

  • SHA256

    6cd7e66a9d2abc78120049ea24b4a8db0abcc3b6a143d481d05b6239c9379af4

  • SHA512

    01d8ed342425e665b52a84520190fc4d2a674d46226b240565bbff20a7231bd6269dd35aec57fc578aa75c23021b8641c38f409cf78ec3a07878362b169a851b

  • SSDEEP

    12288:LJ+9SCD9gGALD90CpLeetXAtVE43tsxpRSAoJEZX1vbQ3ZzwFv4b2Op/iKp6zVIh:dBCBALuC5eeWcUyxiwZFzQJsFwSYSzVx

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\BO2 TU18\common_patch_mp.ff"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2844
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\BO2 TU18\common_patch_mp.ff
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2588
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\BO2 TU18\common_patch_mp.ff"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2484
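
The process tree above is the most useful part of this report for triage. The sample was submitted as a `.ff` file (a Black Ops 2 fastfile) and launched via `cmd /c`; the Windows 7 image had no handler registered for that extension, so the shell fell back to the "Open with" dialog (`rundll32.exe shell32.dll,OpenAs_RunDLL`), and the sandbox's automation then picked Adobe Reader, which is what produced the `GetForegroundWindowSpam` and `SetWindowsHookEx` signatures. The sample itself never ran as code. The following added example (not part of the original report or of any sandbox vendor's tooling) reconstructs that reasoning from the command lines shown above: the process list, the `OpenAs_RunDLL` pattern and the verdict labels are constructed for this illustration.

```python
"""
Triage helper: given a sandbox process tree, decide whether the submitted
sample actually executed or was only handed to a viewer via the shell's
"Open with" fallback, and attribute each behavioral signature accordingly.
"""
import ntpath
import re
from typing import Dict, List, Optional

# Process tree constructed from the command lines in the report above.
# "depth" mirrors the tree level shown on the page (1 = root).
REPORT_PROCESSES: List[Dict] = [
    {"pid": 2844, "depth": 1,
     "image": r"C:\Windows\system32\cmd.exe",
     "cmdline": r'cmd /c "C:\Users\Admin\AppData\Local\Temp\BO2 TU18\common_patch_mp.ff"',
     "signatures": ["Suspicious use of WriteProcessMemory"]},
    {"pid": 2588, "depth": 2,
     "image": r"C:\Windows\system32\rundll32.exe",
     "cmdline": r'"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL '
                r'C:\Users\Admin\AppData\Local\Temp\BO2 TU18\common_patch_mp.ff',
     "signatures": ["Modifies registry class", "Suspicious use of WriteProcessMemory"]},
    {"pid": 2484, "depth": 3,
     "image": r"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe",
     "cmdline": r'"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" '
                r'"C:\Users\Admin\AppData\Local\Temp\BO2 TU18\common_patch_mp.ff"',
     "signatures": ["Suspicious behavior: GetForegroundWindowSpam",
                    "Suspicious use of SetWindowsHookEx"]},
]

SAMPLE_PATH = r"C:\Users\Admin\AppData\Local\Temp\BO2 TU18\common_patch_mp.ff"

# rundll32 loading shell32!OpenAs_RunDLL is the "Open with" dialog, i.e. the
# shell found no registered handler for the file's extension.
OPENAS_RE = re.compile(r"rundll32.*shell32\.dll,OpenAs_RunDLL", re.IGNORECASE)


def is_openas_dialog(cmdline: str) -> bool:
    """True if this command line is the shell's 'Open with' fallback."""
    return OPENAS_RE.search(cmdline) is not None


def sample_executed_directly(processes: List[Dict], sample_path: str) -> bool:
    """True only if the sample's own path appears as a process image."""
    target = ntpath.normcase(sample_path)
    return any(ntpath.normcase(p["image"]) == target for p in processes)


def classify_chain(processes: List[Dict], sample_path: str) -> Dict:
    """
    Verdicts (labels chosen for this example):
      executed              - the sample itself ran as a process
      no_registered_handler - OpenAs dialog seen; 'viewer' is what opened it
      opened_by_handler     - a registered handler opened it, no OpenAs dialog
    Signatures are attributed to the sample only when raised by the sample's
    own image; everything else is host/viewer behaviour.
    """
    result: Dict = {"verdict": "opened_by_handler", "viewer": None,
                    "signatures_from_sample": [], "signatures_from_host": []}
    target = ntpath.normcase(sample_path)
    for p in processes:
        bucket = ("signatures_from_sample"
                  if ntpath.normcase(p["image"]) == target
                  else "signatures_from_host")
        result[bucket].extend(p["signatures"])

    if sample_executed_directly(processes, sample_path):
        result["verdict"] = "executed"
        return result

    for i, p in enumerate(processes):
        if is_openas_dialog(p["cmdline"]):
            result["verdict"] = "no_registered_handler"
            # The first deeper process after the dialog is whatever was chosen
            # in the "Open with" prompt (here: Adobe Reader).
            for child in processes[i + 1:]:
                if child["depth"] > p["depth"]:
                    result["viewer"] = ntpath.basename(child["image"])
                    break
            break
    return result


if __name__ == "__main__":
    verdict = classify_chain(REPORT_PROCESSES, SAMPLE_PATH)
    print(f"verdict: {verdict['verdict']} (viewer: {verdict['viewer']})")
    print(f"signatures from sample: {verdict['signatures_from_sample']}")
    print(f"signatures from host/viewer: {len(verdict['signatures_from_host'])}")
```

Run against the tree from this report, the helper returns `no_registered_handler` with `AcroRd32.exe` as the viewer and attributes all five signatures to host binaries, which is the practical reading of the 3/10 score: nothing here shows the fastfile doing anything, only Windows and Adobe Reader reacting to an unknown file type. A real run of a fastfile would need the game binary that consumes it, which this sandbox image does not have.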

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

    Filesize

    3KB

    MD5

    5ebc3ea3d4fa0381954d61384d580c97

    SHA1

    50e5c6de20a2e11818e6ff0437975b6222199d2e

    SHA256

    98bac445c45c504901223fd8d5202fda3f6238bcb1db6ab706c72fd13077add5

    SHA512

    fd6d9cfbafe32255f26cff5fe2d007b5253337b51baa0c1771eb15c42f506126f5eee63f492f6f1adce1f81e1788d5350c3eac7f359ba9c2aa1599a7b47ea790