Analysis
-
max time kernel
118s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
06-03-2024 04:23
General
-
Target
REREREREREREDDDDDDDDNONONO.torrent
-
Size
209KB
-
MD5
51843e655ac4fb021058f10ce3c856c3
-
SHA1
295f97816acbc368f5965d4c767874861f0a93eb
-
SHA256
7779e8956d0a9ab29dd5a79ed55a285367a9e9c20c90623bec4ca7f6f4002a36
-
SHA512
521dd5530a2038c011f27f4868c3c9479aca26d66a39ce6b565a51df33a7062cf9e67dc2649df93f0a441a6363f88682e410e10f9a7ae1e7328c1d03f21a4971
-
SSDEEP
6144:tIzeHUWbX7V8IdDLM4AXwQbQXp+y+biBCVndSj2E:tQS7qgBQwQUQX2CAj2E
Score
3/10
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 9 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\REREREREREREDDDDDDDDNONONO.torrent1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\REREREREREREDDDDDDDDNONONO.torrent2⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\REREREREREREDDDDDDDDNONONO.torrent"3⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
3KB
MD5569321e151d4143402c8b08340b99580
SHA1290e7bbded7a8e021963fac4cef9e4b3d3203ba1
SHA25673576cb49432d7341462bc08e86db5c2bb339737c9e5d514b1d9a89a96f575e0
SHA512550b293ec17a68748de7fd456e7da4ec68d8f1246c090849fcd5061aefe4b7afb2c88f8355d2ac4e89093a19fb904ea5912e40b587958b0517e80cc34f7f13e1