Overview

overview

7

Static

static

7

mc chet/Project4.dll

windows7-x64

1

mc chet/Project4.dll

windows10-2004-x64

1

mc chet/Pr...hl.exe

windows7-x64

7

mc chet/Pr...hl.exe

windows10-2004-x64

7

out.exe

windows7-x64

3

out.exe

windows10-2004-x64

3

mc chet/injmthd.ini

windows7-x64

1

mc chet/injmthd.ini

windows10-2004-x64

1

mc chet/mycfg.cfg

windows7-x64

3

mc chet/mycfg.cfg

windows10-2004-x64

3

mc chet/shiza.dll

windows7-x64

1

mc chet/shiza.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    34s
  • max time network
    18s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    05-03-2024 13:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    mc chet/mycfg.cfg

  • Size

    22KB

  • MD5

    5c8b2bf2a318bbe97d82b0625b87b4d9

  • SHA1

    e63e672129412bb01f54bbffb019f244042ba726

  • SHA256

    c26be3a07e6bbcc60a1cec7e4e861cd05debb4dc9c52317c24bcae5c2ab6c46c

  • SHA512

    1dbb727001c607863020faccc026fccf4d8561c315d1d2c89382a09067ca0a3e2068beae797a6e2c58ca0f2b4498e740196cc5920af4f6ac777fd7a7d3cf7688

  • SSDEEP

    384:CXBuTPXYmxiBKzH+HEPKybhSAarQrI7LgSw:LSAartzw

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\mc chet\mycfg.cfg"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2852
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\mc chet\mycfg.cfg
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2628
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\mc chet\mycfg.cfg"
        3⤵
        • Suspicious use of SetWindowsHookEx
        PID:2060

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
    Filesize

    3KB

    MD5

    dc00e1991430ed0e263e74a1929a5826

    SHA1

    b95978f0c22a1f3e0bdbf05ec98308f61913c323

    SHA256

    189c8cc3d01eef5140ab0437b067feab52daed39df0c624039fab579294ec041

    SHA512

    e9b0ff42c6e81e0f68dd8801fb4139fe3f309dd2cfd01d56c53917e00e8f6328dca5c04cec9cfb044d752fa6f94ca939bd3706a2f460556d525e1142be52b26a

    Download Submit