d6193ac848e9413eb2a9158c9b50ddacaccc2877945b7f9d0bc5c387e1cc1d81

Analysis

max time kernel
117s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
24/02/2024, 13:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Multi Giftcard Gen/assets/info.info
Size

1B
MD5

68b329da9893e34099c7d8ad5cb9c940
SHA1

adc83b19e793491b1c6ea0fd8b46cd9f32e592fc
SHA256

01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b
SHA512

be688838ca8686e5c90689bf2ab585cef1137c999b48c70b92f67a5c34dc15697b5d11c982ed6d71be1e1e7f7b4e0733884aa97c3f7a339a8ed03577cf74be09

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 9 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000_Classes\Local Settings	rundll32.exe
Key created	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000_CLASSES\info_auto_file	rundll32.exe
Key created	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000_CLASSES\.info	rundll32.exe
Key created	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000_CLASSES\info_auto_file\shell	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000_CLASSES\info_auto_file\	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000_CLASSES\.info\ = "info_auto_file"	rundll32.exe
Key created	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000_CLASSES\info_auto_file\shell\Read	rundll32.exe
Key created	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000_CLASSES\info_auto_file\shell\Read\command	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000_CLASSES\info_auto_file\shell\Read\command\ = "\"C:\\Program Files (x86)\\Adobe\\Reader 9.0\\Reader\\AcroRd32.exe\" \"%1\""	rundll32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2580	AcroRd32.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2580	AcroRd32.exe
2580	AcroRd32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2248 wrote to memory of 2628	2248	cmd.exe	29
PID 2248 wrote to memory of 2628	2248	cmd.exe	29
PID 2248 wrote to memory of 2628	2248	cmd.exe	29
PID 2628 wrote to memory of 2580	2628	rundll32.exe	30
PID 2628 wrote to memory of 2580	2628	rundll32.exe	30
PID 2628 wrote to memory of 2580	2628	rundll32.exe	30
PID 2628 wrote to memory of 2580	2628	rundll32.exe	30

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Multi Giftcard Gen\assets\info.info"
1⤵
- Suspicious use of WriteProcessMemory
PID:2248
- C:\Windows\system32\rundll32.exe
  "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Multi Giftcard Gen\assets\info.info
  2⤵
  - Modifies registry class
  - Suspicious use of WriteProcessMemory
  PID:2628
- - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
    "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Multi Giftcard Gen\assets\info.info"
    3⤵
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of SetWindowsHookEx
    PID:2580

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
f7f6eb57da9dcd84344fe6b2621ed311

SHA1
ecec94c8a35fafd39f98fa7c8390909ed4f8b549

SHA256
991ef924f65da840d264c3cacd577191711d0e9fbe472a79ecc81bf399bd7df8

SHA512
496dd7518e1357f237da753b9b79a91b530712c48256bcfcee0b1d56306feb36af1defbc7438999e7fdc4c0a6b9e11d4f2ed7698f122a7d4f69c7d7d920c8027

Download Submit