Overview

overview

7

Static

static

3

HandBrake-...UI.exe

windows7-x64

4

HandBrake-...UI.exe

windows10-2004-x64

5

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...al.ini

windows7-x64

1

$PLUGINSDI...al.ini

windows10-2004-x64

1

$PLUGINSDI...rd.bmp

windows7-x64

3

$PLUGINSDI...rd.bmp

windows10-2004-x64

7

HandBrake.Worker.exe

windows7-x64

1

HandBrake.Worker.exe

windows10-2004-x64

1

HandBrake.exe

windows7-x64

1

HandBrake.exe

windows10-2004-x64

7

doc/COPYING

windows7-x64

1

doc/COPYING

windows10-2004-x64

1

hb.dll

windows7-x64

1

hb.dll

windows10-2004-x64

1

portable.ini.template

windows7-x64

3

portable.ini.template

windows10-2004-x64

3

uninst.exe.nsis

windows7-x64

3

uninst.exe.nsis

windows10-2004-x64

3

Analysis

  • max time kernel
    117s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    28-02-2024 20:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    portable.ini.template

  • Size

    1KB

  • MD5

    a55a14acdb96d6f87b3c5e906fd338a8

  • SHA1

    e51cd75065e0f53af1e96f532569f3b7b9508771

  • SHA256

    81d2a215af90f34439f598b02e330654d5d71c7667106f97a143cb319bf9b5e0

  • SHA512

    f5403e9c53c930e9bb111a79d6a098037cd48b0b44e29b21021e0fd623977bd2bfafa1b0ec8be804fb23ed798132005d426f8e0b2a7b6b581cb810460c3b7b00

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\portable.ini.template
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1816
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\portable.ini.template
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2800
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\portable.ini.template"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2432

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
    Filesize

    3KB

    MD5

    30962e3a642546992407d783d3703b9d

    SHA1

    2164d61692ee941978eedbfa9271bd4f159b1d47

    SHA256

    87ba5f42aadf849f365c7130880eac0e6e03cb0e99bc17e45961400f1da64800

    SHA512

    b9e2b1e8b5d1abd8b2d2d8504b86d64a9e927a0d6975c63226fb7734050ebd050378198354c644bdd7dc5ceeb51536adb86ed2db6583694109a1b59fc83bb0d8

    Download Submit