Analysis

  • max time kernel
    34s
  • max time network
    18s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    02/03/2024, 21:14 UTC

General

  • Target

    TeddyPcFiles/config.json

  • Size

    99B

  • MD5

    668a1b746e7bce9ff92bcf04fecb2014

  • SHA1

    83d39ef8457d8c03c7e2dff8db688833fe4eb495

  • SHA256

    c5ed2b2dcbda5dc58f8c1ad7652f0c7e0432d5900683b798b72970065817cdb8

  • SHA512

    2b11a3f36223088b203ceae4d1207f1100a6cbb44556e235f82dc4c5ea0d32798800a3b41b99f57e6a30d9a47d773f0bb1b4ca62dff8c9a00be87afbdc3a1208

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\TeddyPcFiles\config.json
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1948
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\TeddyPcFiles\config.json
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2900
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\TeddyPcFiles\config.json"
        3⤵
        • Suspicious use of SetWindowsHookEx
        PID:2640

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

    Filesize

    3KB

    MD5

    a3d0f313c083cb3046982991ebe93342

    SHA1

    346372c385a167fa1ff9178d2b869fcceb76d670

    SHA256

    ecb36cc15805e6315916e439371ff6a6dbf7359ed8d4c078f0a1417c993865d1

    SHA512

    b3ba0307f012b9ca10ad332d717db02be7d49b10e4b9d2d1d12ccfa95e678d1f0acb9f8f3d206c40b67cf7f2208c298aa5e71766dbc234a76bd40813aee7fd28
