Overview

overview

3

Static

static

1

cc818de3ef...2b.jad

windows7-x64

3

cc818de3ef...2b.jad

windows10-2004-x64

3

Analysis

  • max time kernel
    122s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    15-03-2024 23:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    cc818de3efeea02239ba171779d5612b.jad

  • Size

    111KB

  • MD5

    cc818de3efeea02239ba171779d5612b

  • SHA1

    dbc8654869cd419892dc4a483b21242eedeb2b22

  • SHA256

    59b079a0384e4f8436bd86a743b25a7fb60ca7e0a968234810f936502033a3dd

  • SHA512

    d17f676849bd9a08b1e77912629c0237515424051232cf069a27544c4cea72146e566dff15d1129942cb83485d84c51edd93a1860374b68d57376e6b7024ec6d

  • SSDEEP

    3072:FBZZIgMG+6nfTY7wa6OeNsqinnlyNkIQzUTNY0:zIsnfTwiOqgnnIkIvRY0

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\cc818de3efeea02239ba171779d5612b.jad
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1896
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\cc818de3efeea02239ba171779d5612b.jad
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:3048
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\cc818de3efeea02239ba171779d5612b.jad"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2664

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
    Filesize

    3KB

    MD5

    952c534347526a9b3c8862d86d9057f1

    SHA1

    9e91b61107c649ff48467c03a2c4c10a245b7438

    SHA256

    41028e86aacd6cc07079db9126cd8740246412863b0f46f37ec670e41538de62

    SHA512

    a6b5deb20ed4c97680ba66ad4cb98d0ae2f2475f121cb7e7b23c72757659065a13573796cc22873a9f1dde6961e664802fae0302ed7cc0e559f5a8c62c767fcb

    Download Submit