Overview

overview

3

Static

static

1

HORIZON_VAULT.zip

windows11-21h2-x64

1

100-+.cfg

windows11-21h2-x64

3

110.cfg

windows11-21h2-x64

3

120.cfg

windows11-21h2-x64

3

130.cfg

windows11-21h2-x64

3

140.cfg

windows11-21h2-x64

3

150.cfg

windows11-21h2-x64

3

200 PING.cfg

windows11-21h2-x64

3

50 ping blatant.cfg

windows11-21h2-x64

3

50 ping se...it.cfg

windows11-21h2-x64

3

70.cfg

windows11-21h2-x64

3

90.cfg

windows11-21h2-x64

3

@@@cocacw.cfg

windows11-21h2-x64

3

@@cocacw.cfg

windows11-21h2-x64

3

BLOODINHERMOUTH.cfg

windows11-21h2-x64

3

HIGH PING AF.cfg

windows11-21h2-x64

3

UW.cfg

windows11-21h2-x64

3

WOW.cfg

windows11-21h2-x64

3

aaa.cfg

windows11-21h2-x64

3

cocacw best cfgs.cfg

windows11-21h2-x64

3

cocacwaa.cfg

windows11-21h2-x64

3

config plug.cfg

windows11-21h2-x64

for a nigg... 2.cfg

windows11-21h2-x64

3

for a nigg... 3.cfg

windows11-21h2-x64

3

for a nigg...xy.cfg

windows11-21h2-x64

3

ggs.cfg

windows11-21h2-x64

3

low ping.cfg

windows11-21h2-x64

3

ue.cfg

windows11-21h2-x64

3

uhuh.cfg

windows11-21h2-x64

3

urlegitscfgsir.cfg

windows11-21h2-x64

3

yeye.cfg

windows11-21h2-x64

3

yourcfg.cfg

windows11-21h2-x64

3

Analysis

  • max time kernel
    92s
  • max time network
    94s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240221-en
  • resource tags

    arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    28-03-2024 16:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    100-+.cfg

  • Size

    354B

  • MD5

    6c0cd33c0f580f9c1c8ff2eddddd274f

  • SHA1

    e62cc71e35e064660168a2996a218b42245713aa

  • SHA256

    685b85ce0c0c91b0355f147b855c5a55a5abec3360f3c521f85b3b1fd8c479f6

  • SHA512

    2001243ffd172cbe913456d125f47036c0dbd273e1ae7e2475d02c95c17407cb11850f47c8653df911c4de3f4aa98a5f480f15d2bdd162ef420841757039dded

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\100-+.cfg
    1⤵
    • Modifies registry class
    PID:1472
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3116

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads