Overview

overview

10

Static

static

1

b3c5e464e4...e3.zip

windows7-x64

1

b3c5e464e4...e3.zip

windows10-2004-x64

1

INVOICE#BU...03.vhd

windows7-x64

3

INVOICE#BU...03.vhd

windows10-2004-x64

3

$RECYCLE.B...2Y.lnk

windows7-x64

3

$RECYCLE.B...2Y.lnk

windows10-2004-x64

3

$RECYCLE.B...CZ.url

windows7-x64

1

$RECYCLE.B...CZ.url

windows10-2004-x64

1

$RECYCLE.B...JO.url

windows7-x64

1

$RECYCLE.B...JO.url

windows10-2004-x64

1

$RECYCLE.B...G6.lnk

windows7-x64

3

$RECYCLE.B...G6.lnk

windows10-2004-x64

3

$RECYCLE.B...O0.cmd

windows7-x64

1

$RECYCLE.B...O0.cmd

windows10-2004-x64

1

$RECYCLE.B...21.txt

windows7-x64

1

$RECYCLE.B...21.txt

windows10-2004-x64

1

$RECYCLE.B...65.vhd

windows7-x64

3

$RECYCLE.B...65.vhd

windows10-2004-x64

3

$RECYCLE.B...2Y.lnk

windows7-x64

3

$RECYCLE.B...2Y.lnk

windows10-2004-x64

3

$RECYCLE.B...CZ.url

windows7-x64

1

$RECYCLE.B...CZ.url

windows10-2004-x64

1

$RECYCLE.B...JO.url

windows7-x64

1

$RECYCLE.B...JO.url

windows10-2004-x64

1

$RECYCLE.B...G6.lnk

windows7-x64

3

$RECYCLE.B...G6.lnk

windows10-2004-x64

6

$RECYCLE.B...O0.cmd

windows7-x64

1

$RECYCLE.B...O0.cmd

windows10-2004-x64

10

$RECYCLE.B...65.vhd

windows7-x64

3

$RECYCLE.B...65.vhd

windows10-2004-x64

3

$RECYCLE.B...op.ini

windows7-x64

1

$RECYCLE.B...op.ini

windows10-2004-x64

1

Analysis

  • max time kernel
    122s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
  • submitted
    25-03-2024 14:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $RECYCLE.BIN/$ITQTF65.vhd

  • Size

    52B

  • MD5

    5c4658d0c26e73e822805cd541661a77

  • SHA1

    45d2b460c1b8395401fd60b26b8f398f5cfbcbf5

  • SHA256

    8f3b7422617b49f01037d7f18aeeec7892d95a804cc220228ded61e3fbb7bb30

  • SHA512

    d8e455d594bf16b279f082aefccb939440619a0da8339534873dfbbddd3cc2880e2f7c6b2fdf9999ee48455b4c139750403ed9b8c2e6c82da0bdeb522b196002

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\$RECYCLE.BIN\$ITQTF65.vhd
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2972
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\$RECYCLE.BIN\$ITQTF65.vhd
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2504
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\$RECYCLE.BIN\$ITQTF65.vhd"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2684

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
    Filesize

    3KB

    MD5

    138ff0573be3e545e5ac100689fa2c0e

    SHA1

    d3138323d36a246106a8cd838744b10ca3033944

    SHA256

    311003bf27d5d0ec62c594a9a5e1ddcd3a6035f7968eb9d27a9fa7b1a3893d11

    SHA512

    9983b32c7d5cb52b64cb2fe90505414da2d6bbd01a0b93229d16eefab7ada617ef974266fe19a4c23b1812dff000606d0fb5aed41032142b2a6842470c11c273

    Download Submit