Analysis

  • max time kernel
    133s
  • max time network
    193s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win11-20240221-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    06/03/2024, 15:46

General

  • Target

    install/bin/backuptool.sh

  • Size

    4KB

  • MD5

    03f19b5a2ad285a69a5c6d2b5916f38b

  • SHA1

    054e424918d88db798f333cdb6dfc3a24450ce8d

  • SHA256

    4d794a025b703b361799d23892140f3d9d3b880d5b087abcf18d0f49d8e7a25b

  • SHA512

    10331dc77ddfe982366f0343028e0932187826012ee3cad0e78134b8a8cbd982b475b6b8411d00a4c3d80857d65d331d6c7e1c40da631c32a0c3a8579f06e700

  • SSDEEP

    96:xXQNthIz92NBy+X2SlTUU1jkulm7TW45YWYyW+IZmO1goCAHY9aj4qUKPHxavpac:mU8LpXlTUU1jkulm7TW45TP1I4O1vHYl

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 14 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\install\bin\backuptool.sh
    • Modifies registry class
    PID:2772
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    • Modifies registry class
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    PID:3808
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    PID:3952

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db

    Filesize
    14KB

    MD5
    1e5735476ba7c6a1d8fc63cf4f76aeec

    SHA1
    5912829acd338f3446cc7d97f056f4021e8f9015

    SHA256
    c743f8e9dcbe8466b74c92c2825a73100fef11b8279f0af6bb8d007af018c80f

    SHA512
    f587f36a5935268992c8bbac013229667c695eb0401906be36b2970efe5e7acbb94db14f519ab1baca6bf09470f29aad88eba4dbce76080f88e99fbc4a62e5f5

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db

    Filesize
    14KB

    MD5
    1d1493f23d2f53ebe54388c26827b956

    SHA1
    759ff02cc20ac503801c1aa685aaa029a2d1c48e

    SHA256
    3d1587c82cad40563350c76290db74ffe29865efa5a97db86050fdfb4e5465c0

    SHA512
    4ee911b5111ed32eeb5b97127a17ad4f3cc0691d3a87553b3ea487d0cce1bb072a1492342b1bdea799137457c2f38855aa425fe88ad868a2d695dc136fff533f