Overview

overview

3

Static

static

1

Unconfirme...wnload

windows7-x64

3

Unconfirme...wnload

windows10-2004-x64

3

Analysis

  • max time kernel
    1434s
  • max time network
    1177s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06-03-2024 19:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Unconfirmed 361706.crdownload

  • Size

    16KB

  • MD5

    a683ce8842677a44a46c44d66a2686ae

  • SHA1

    a3da18f801d03d659b4fa28a03e91a52b78868df

  • SHA256

    fb2e430884d3a71604aeb2b8643d42a85215d9145bc7791bef3ef70c85b68ec8

  • SHA512

    7bc639233698d9bf48329a8e64ea6b481dba3959c2e22c0f87b353d770bd73dfd82ce867bc0c23b07d038102d10afa173272ff2e2261726e10941d659eefad5a

  • SSDEEP

    384:dq4F4xuFtb5+Nxt/ZtNNxuQOq/9rQdIu2/L1anjZ:7ixotWxllNFn/cIv/onN

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\Unconfirmed 361706.crdownload"
    1⤵
    • Modifies registry class
    PID:5000
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:560
  • C:\Windows\system32\rundll32.exe
    "C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
    1⤵
      PID:916
    • C:\Windows\System32\svchost.exe
      C:\Windows\System32\svchost.exe -k UnistackSvcGroup
      1⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:1552

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Comms\UnistoreDB\store.jfm
      Filesize

      16KB

      MD5

      658e9c12cfca9671360c93b4eab2924a

      SHA1

      a132d8b0fda3be9e05efcc40a27166c71ce1884f

      SHA256

      82d6ebec709a51d57f72218be59cd15eec64c92e10cdea4fd5ae92ca9c700f41

      SHA512

      b638b3ce9466779cba21b13da5c77da55b5fe7c116dece21c7239ce8809cd6d5791f0555b4f5868336fa714cc545c3b354ca020edced627c36e3e6db3206315d

      Download Submit

    • memory/1552-40-0x0000027FE8230000-0x0000027FE8231000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1552-33-0x0000027FE8230000-0x0000027FE8231000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1552-42-0x0000027FE8230000-0x0000027FE8231000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1552-34-0x0000027FE8230000-0x0000027FE8231000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1552-35-0x0000027FE8230000-0x0000027FE8231000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1552-36-0x0000027FE8230000-0x0000027FE8231000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1552-37-0x0000027FE8230000-0x0000027FE8231000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1552-38-0x0000027FE8230000-0x0000027FE8231000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1552-43-0x0000027FE7E60000-0x0000027FE7E61000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1552-0-0x0000027FDFB40000-0x0000027FDFB50000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1552-68-0x0000027FE80B0000-0x0000027FE80B1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1552-32-0x0000027FE8210000-0x0000027FE8211000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1552-39-0x0000027FE8230000-0x0000027FE8231000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1552-44-0x0000027FE7E50000-0x0000027FE7E51000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1552-46-0x0000027FE7E60000-0x0000027FE7E61000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1552-49-0x0000027FE7E50000-0x0000027FE7E51000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1552-52-0x0000027FE7D90000-0x0000027FE7D91000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1552-16-0x0000027FDFC40000-0x0000027FDFC50000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1552-64-0x0000027FE7F90000-0x0000027FE7F91000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1552-66-0x0000027FE7FA0000-0x0000027FE7FA1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1552-67-0x0000027FE7FA0000-0x0000027FE7FA1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1552-41-0x0000027FE8230000-0x0000027FE8231000-memory.dmp

      Filesize

      4KB

      Download