Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win11-20240221-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    05-03-2024 19:32

General

  • Target

    14 الف طريقة.txt

  • Size

    429KB

  • MD5

    124e27f20c2eaf1aa34ba40f452d293d

  • SHA1

    357d796b9ec96ecaa1519abfa0ca19108c56d230

  • SHA256

    29bcc5b6c2170771e8976f1c898726e466a454f0dcff1b9bfa93f0077d168d1c

  • SHA512

    f47deb1de1d63e56185933a9a3cda1154b54db30af6fc7f331cdc67a468ddb589e1c1876b02bea8b3abd32c03a768c9d0e0011cfacb2b01ef41a24d40caa274b

  • SSDEEP

    6144:cKGKHKncAcscQXyXAYJI0CJEFdBgU8E0HZmFaqcscCHZmFaqcsc12jBgiGq9:yoiqyl

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class (1 IoC)
  • Suspicious use of WriteProcessMemory (2 IoCs)

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\14 الف طريقة.txt"
    PID:1844
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    • C:\Windows\system32\NOTEPAD.EXE
      "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\14 الف طريقة.txt
      PID:1488
