Overview

overview

10

Static

static

3

attachments.zip

windows7-x64

1

attachments.zip

windows10-2004-x64

1

226350194-...64.rar

windows7-x64

10

226350194-...64.rar

windows10-2004-x64

7

226350194-...64.exe

windows7-x64

10

226350194-...64.exe

windows10-2004-x64

10

Civilhorto...ng.sko

windows7-x64

3

Civilhorto...ng.sko

windows10-2004-x64

3

Ejerkredse...31.don

windows7-x64

3

Ejerkredse...31.don

windows10-2004-x64

3

Ejerkredse...ng.ps1

windows7-x64

8

Ejerkredse...ng.ps1

windows10-2004-x64

8

Sudsers34/...se.ant

windows7-x64

3

Sudsers34/...se.ant

windows10-2004-x64

3

Sudsers34/...ns.oxo

windows7-x64

3

Sudsers34/...ns.oxo

windows10-2004-x64

3

Telekablet...st.txt

windows7-x64

1

Telekablet...st.txt

windows10-2004-x64

1

Analysis

  • max time kernel
    122s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    07/03/2024, 13:15 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Sudsers34/Neoterist/Opslagsbindenes/Oplivelse/indsigelse.ant

  • Size

    50KB

  • MD5

    fe6e4fb43bfcb1e023788a586f9de59d

  • SHA1

    86fc49bf39c949766f9b2601f62cfb8dce864027

  • SHA256

    7f129a12d4e161d5cfaec501713f650008eec3bae6e73928f0383ce2d563e5e1

  • SHA512

    386f7bc255e33f6269208bf68433628f4e4b97ae535dfae238e689e62a5853e549b0cdc7a69d2c8258e668c449056d407b5b186bb42003353f5df6a2166dc757

  • SSDEEP

    768:SrGIR2Rr+h5F/WAwCWXYI+tHdDjhq11G0JrBY2UHZ1z/VyaIvQz:SrGIRIKhz/T90YI69Djh+sPHZRI/Qz

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\Sudsers34\Neoterist\Opslagsbindenes\Oplivelse\indsigelse.ant
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2760
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Sudsers34\Neoterist\Opslagsbindenes\Oplivelse\indsigelse.ant
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2512
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Sudsers34\Neoterist\Opslagsbindenes\Oplivelse\indsigelse.ant"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2440

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
    Filesize

    3KB

    MD5

    af07097eb1c47b8b77df862e7d8e0c35

    SHA1

    94d6c5264856c814fc71a72318fb6467db368cfd

    SHA256

    9a449956d66d791fae6ee8463d79b655f52438f4f9ac8738f47181e4ba20285e

    SHA512

    d3be153f6efdbe36d51ab702b19b783057d2ec770231aff5ec92450ace7115d169f42bf132c4c3b400dd6a0ceb70571e0e12c7045d24a8e6d026f48223148ac6

    Download Submit

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.