Malware Analysis Report

2024-11-16 12:23

Sample ID 240316-vsg33ahc39
Target Windows.zip
SHA256 28216f94328e942434bc24d7af60ce691f46f2ac5f1381d6ac093d32e65489a5
Tags
discovery
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

28216f94328e942434bc24d7af60ce691f46f2ac5f1381d6ac093d32e65489a5

Threat Level: Shows suspicious behavior

The file Windows.zip was found to be: Shows suspicious behavior.

Malicious Activity Summary

discovery

Modifies file permissions

Unsigned PE

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-03-16 17:15

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-03-16 17:14

Reported

2024-03-16 17:17

Platform

win11-20240221-en

Max time kernel

126s

Max time network

128s

Command Line

"C:\Users\Admin\AppData\Local\Temp\PCToaster.exe"

Signatures

Modifies file permissions

discovery
Description Indicator Process Target
N/A N/A C:\Windows\system32\icacls.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files\Java\jre-1.8\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre-1.8\bin\javaw.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\PCToaster.exe

"C:\Users\Admin\AppData\Local\Temp\PCToaster.exe"

C:\Program Files\Java\jre-1.8\bin\javaw.exe

"C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Local\Temp\PCToaster.exe"

C:\Windows\system32\icacls.exe

C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M

Network

Country Destination Domain Proto
US 52.111.229.48:443 tcp

Files

memory/4872-0-0x0000000000400000-0x000000000046E000-memory.dmp

memory/1744-5-0x00000165CB510000-0x00000165CC510000-memory.dmp

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

MD5 657f9ce722b1b8842ae6e4a73f693413
SHA1 3c13396f30b3304f83b6b566fcc0aeb0e64cfcc8
SHA256 24c404b88d22153ec4bd9221f8767ca3505b7b11d88e3f175c1aec0a83450a06
SHA512 501cfa15dd20adc6f5c2881687ee536a122ac66036855712eaf627700395f3d6c0059ef44bd24e1edc53c00a73ad464b234528d8286b8cb7507bf90ae0bba419

memory/1744-15-0x00000165C9D10000-0x00000165C9D11000-memory.dmp

memory/1744-16-0x00000165C9D10000-0x00000165C9D11000-memory.dmp

memory/1744-21-0x00000165C9D10000-0x00000165C9D11000-memory.dmp

memory/1744-25-0x00000165C9D10000-0x00000165C9D11000-memory.dmp

memory/1744-27-0x00000165C9D10000-0x00000165C9D11000-memory.dmp

memory/1744-34-0x00000165CB510000-0x00000165CC510000-memory.dmp

memory/1744-33-0x00000165C9D10000-0x00000165C9D11000-memory.dmp

memory/1744-35-0x00000165C9D10000-0x00000165C9D11000-memory.dmp