Analysis

  • max time kernel
    118s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    28/02/2024, 22:52

General

  • Target
    r.rbxm
  • Size
    16KB
  • MD5
    4ba68770e1ef7c45fa91be941ad26af0
  • SHA1
    10b51d3207db5b55548b6eb131918c3368e7cfd9
  • SHA256
    bf2b00c0db85aaff70aef27c502fc449e04101db4c267fa0bb2f4bc8a6896d7d
  • SHA512
    7f5385813d19c025283aa3114df982b8603e9b5623057206dff08eab7b35e5a8012a6b139072b60c50cf48d0b4dff3ae3216101ab8a701a3ef58c7ec311fee97
  • SSDEEP
    192:53Ehhj8/wPIlZIfb9meCa1W002ISOjY9b4en9zbqgyuFhgQbI+CJ+LUCaU4t+:wq0IIfpCao002ISOUbXvqgyujNdLUlt+

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs
    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\r.rbxm
    (depth 1)
    • Suspicious use of WriteProcessMemory
    PID:2860
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\r.rbxm
      (depth 2)
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2648
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\r.rbxm"
        (depth 3)
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2028

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
    Filesize
    3KB
    MD5
    0421309ba9f70e23d7f87839744517ff
    SHA1
    74f00c12934c56bcef2c399c107d247c8189f454
    SHA256
    76c61c201fed045a594b80a34580f95fefeca5b07424c96c2b998a2773536004
    SHA512
    f2170b45d66b4daf8ddd15e5ef0033982db5982c7484e3c7919d51a3984679c0d95c8cb0347e9713a77b9efb92e5795ae6b7b0e5711ef421301ae7a7dd74f401