Analysis

  • max time kernel
    120s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    10/03/2024, 10:40

General

  • Target

    User (Primary; 8705f821-91c4-44c8-bc63-3128ab519c2a)/cdl-worker-settings.json

  • Size

    270KB

  • MD5

    c83ac5be7fbce9642234ec8b9f167b68

  • SHA1

    1a9b02f11acd751bdbf0512902047f9fde5939e4

  • SHA256

    d4ca66d5a14b69c3e18561ce02cafb0a5118716a14edde9cb6e907f7b8ba295b

  • SHA512

    9b47fe7111599b1d761f7d2249cc0d10e56e4a9918d87e1b893e9ca2bf61f8a4ef3b54341901754667bb0732183a22d947ee17812f9c8e459c28f2093b2a6601

  • SSDEEP

    6144:61fKhR/03A73AM9oA9oyy2NlO6FxtIAcC:Z03A73AM9oA9oYNlaAcC

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\User (Primary; 8705f821-91c4-44c8-bc63-3128ab519c2a)\cdl-worker-settings.json"
    • Suspicious use of WriteProcessMemory
    PID:2248
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\User (Primary; 8705f821-91c4-44c8-bc63-3128ab519c2a)\cdl-worker-settings.json
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2632
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\User (Primary; 8705f821-91c4-44c8-bc63-3128ab519c2a)\cdl-worker-settings.json"
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2604

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

    Filesize

    3KB

    MD5

    44d74de99f86c06d89f82b0f6fe682a9

    SHA1

    8df2491e966a49a2710cd4580fec4a1f65c4a18c

    SHA256

    986027fbab25832589a1108d4657b725cb0c642efc9a04cc9422710e38eb2542

    SHA512

    1de98b11951d5b0f3de85ff636ca72bcc3f9f8b2eb7035c685e99df6d4d74e321cf16b2d27633ac9f73cd3cc4e999dfc2ddcbefe07982d8cfe69e1b6c5cee340