Overview

overview

3

Static

static

1

HORIZON_VAULT.zip

windows11-21h2-x64

1

100-+.cfg

windows11-21h2-x64

3

110.cfg

windows11-21h2-x64

3

120.cfg

windows11-21h2-x64

3

130.cfg

windows11-21h2-x64

3

140.cfg

windows11-21h2-x64

3

150.cfg

windows11-21h2-x64

3

200 PING.cfg

windows11-21h2-x64

3

50 ping blatant.cfg

windows11-21h2-x64

3

50 ping se...it.cfg

windows11-21h2-x64

3

70.cfg

windows11-21h2-x64

3

90.cfg

windows11-21h2-x64

3

@@@cocacw.cfg

windows11-21h2-x64

3

@@cocacw.cfg

windows11-21h2-x64

3

BLOODINHERMOUTH.cfg

windows11-21h2-x64

3

HIGH PING AF.cfg

windows11-21h2-x64

3

UW.cfg

windows11-21h2-x64

3

WOW.cfg

windows11-21h2-x64

3

aaa.cfg

windows11-21h2-x64

3

cocacw best cfgs.cfg

windows11-21h2-x64

3

cocacwaa.cfg

windows11-21h2-x64

3

config plug.cfg

windows11-21h2-x64

for a nigg... 2.cfg

windows11-21h2-x64

3

for a nigg... 3.cfg

windows11-21h2-x64

3

for a nigg...xy.cfg

windows11-21h2-x64

3

ggs.cfg

windows11-21h2-x64

3

low ping.cfg

windows11-21h2-x64

3

ue.cfg

windows11-21h2-x64

3

uhuh.cfg

windows11-21h2-x64

3

urlegitscfgsir.cfg

windows11-21h2-x64

3

yeye.cfg

windows11-21h2-x64

3

yourcfg.cfg

windows11-21h2-x64

3

Analysis

  • max time kernel
    91s
  • max time network
    121s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240221-en
  • resource tags

    arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    28-03-2024 16:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    WOW.cfg

  • Size

    356B

  • MD5

    0c07be9d09078a797839bb9fee5a03c2

  • SHA1

    a43bc1c9706aef975c24a0d3dcdce6e830b96f52

  • SHA256

    470ab04f6b6e66d5e2e08dc11df6e5d470f54324612a40ce8908ab6e102391bc

  • SHA512

    675b5e9f7e8e89438d9b655a069dc2f1fbefeeae4fb544a47a7361cd20f9b56641f37bbbf040bf593dd634e6b702483152db70df84b056db4cb836f50c3532ad

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\WOW.cfg
    1⤵
    • Modifies registry class
    PID:3724
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:2896

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads