Analysis

  • max time kernel: 152s
  • max time network: 128s
  • platform: windows7_x64
  • resource: win7-20240221-en
  • resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted: 02/03/2024, 22:39

General

  • Target: Cat.Goes.Fishing.v13.11.2019.rar
  • Size: 27.9MB
  • MD5: 80a06d27fd585daf1b9e79a71fd722b7
  • SHA1: 8b9cb56a6a08d2a3e70bf5e55a5f826b3f4b3637
  • SHA256: fa925b3e76ed9daa56d7dc81d622202a7aa2649f923f97a986d214bc1ccad048
  • SHA512: cc2441c9a5c0d7368405d11a0705a2de55db21a9722241498238034705afe79586962308fca0e76672d680748297c31ccd3592f230956e0b7807623c8b0e96a7
  • SSDEEP: 786432:yOcRxcI2F3/Fdi1PO2j/rDNAoZa1z/9hCji6Kl6/Hq:yxx6FTi1WO/lza1B0ji3lSK

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of FindShellTrayWindow 18 IoCs
  • Suspicious use of SendNotifyMessage 15 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\Cat.Goes.Fishing.v13.11.2019.rar
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1936
    • C:\Program Files\7-Zip\7zFM.exe
      "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Cat.Goes.Fishing.v13.11.2019.rar"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of WriteProcessMemory
      PID:2700
      • C:\Users\Admin\AppData\Local\Temp\7zOC8A7A548\Cat Goes Fishing.exe
        "C:\Users\Admin\AppData\Local\Temp\7zOC8A7A548\Cat Goes Fishing.exe"
        3⤵
        • Executes dropped EXE
        PID:2468
  • C:\Program Files\VideoLAN\VLC\vlc.exe
    "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\UnregisterEnter.mp2"
    1⤵
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    PID:1532

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\7zOC8A7A548\Cat Goes Fishing.exe
    Filesize: 4.3MB
    MD5: 906f75296beed2234b5488f8199fc75b
    SHA1: f9371f6f24a40594dcf4b96585a9f4033a70e59e
    SHA256: fab76ae5f809e690fe130857a266d822b772e91f829781a09c11b4c380b5889c
    SHA512: 4d156e3429ea1eb372ace4c4fd0e708b15afc99aac4c7b2b214ac74df31d8e055bdc644dac173a125f161a179c33d8f58ad33e633d101fb5fa894c6c08a8cc5f

  • memory/1532-59-0x000000013F6F0000-0x000000013F7E8000-memory.dmp
    Filesize: 992KB

  • memory/1532-60-0x000007FEF7A50000-0x000007FEF7A84000-memory.dmp
    Filesize: 208KB

  • memory/1532-61-0x000007FEF55C0000-0x000007FEF5874000-memory.dmp
    Filesize: 2.7MB

  • memory/1532-62-0x000007FEF4310000-0x000007FEF53BB000-memory.dmp
    Filesize: 16.7MB

  • memory/1532-63-0x000007FEF3810000-0x000007FEF3922000-memory.dmp
    Filesize: 1.1MB