Analysis

  • max time kernel
    117s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    15-03-2024 19:17

General

  • Target

    cc362f841a522fec9107929d37a9c996.jad

  • Size

    546KB

  • MD5

    cc362f841a522fec9107929d37a9c996

  • SHA1

    b93f2e53fff3e5823386dcc12033411c98752d64

  • SHA256

    6ea782e9dfa26390bce9c01fb2db65fdc34d2471ca60d897b15d5bae2c8b2bb1

  • SHA512

    080d6315c07ab2372f464643d8559d0f93605c01b024d64b3adcd63b0e3759036cc98a5225be2e2c2630c0679bfe87fb06f07b7fa45ff49fca0db4f6f6c4f99b

  • SSDEEP

    12288:Cu83neomSPRAKN40JeRss71DBlPHiOJTo5SootvtDPh5Lsnyt:Cu8zm0RpN40J1s71rPHnJs5PGvt/h

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\cc362f841a522fec9107929d37a9c996.jad
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1712
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\cc362f841a522fec9107929d37a9c996.jad
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2836
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\cc362f841a522fec9107929d37a9c996.jad"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2656

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

    Filesize

    3KB

    MD5

    d9ae3120f1f69a680567e81fec3b2e04

    SHA1

    ac90d942450593f39b7a0b0cdfa6836378e78fce

    SHA256

    eb6d13f1fc27217459f5c99f176ee23d3f9c0afe12ad021520453fa75f61e79c

    SHA512

    af0a6225b09d60e0bf1f4811bf361431070d152fcafdb04c63357e77a8f3500310fc8d3adc6161050de7221cdac5a2514883eb09dc6c90837ae62fce0169b9fe