Analysis

  • max time kernel
    122s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    02-03-2024 15:33

General

  • Target

    SAMP/samaps.txd

  • Size

    640KB

  • MD5

    e0fdfd9fbe272baa9284e275fb426610

  • SHA1

    d64ba932095df01aec31255147078d8820f500df

  • SHA256

    d7a10e2d6497865377f61061abc13c5b7d1c81f8471410c80191640e04948285

  • SHA512

    81f1c09b649776c935559d420214e9543c1e7a9690a79de43a06df03af6dd54151755e010ea9d06a33058ab5743b30a27816d35f6729657439c6251ee19f1122

  • SSDEEP

    12288:RVghsoZfX3GnUKMiFnGWOKPzP0Intv+LecSVNjIaS4MzB8wdqhPmbxE1fJ:7UZuiikWOKRtGLecqIntB8wFsR

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\SAMP\samaps.txd
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2184
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\SAMP\samaps.txd
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2584
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\SAMP\samaps.txd"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2616

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

    Filesize

    3KB

    MD5

    20d06fd3a7a70d12643c4b6afe3bd3cd

    SHA1

    8b66c4b62229c5a934420dce68115e39934ef651

    SHA256

    2d12d3ae2cff01b9ac2f899023e166e6b32ec18a9dea987d1549a2602d801bbf

    SHA512

    33eed86de1ea7ed3a4bef5f11301f32d5f068521f5a7a7742d45a747f7fe14e0482e0b4f5497c06b1f0fb081b50eff252f38c9cdd18b6a963624ebe0e6082cd8