Analysis

  • max time kernel
    118s
  • max time network
    129s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    03/04/2024, 18:55

General

  • Target

    REALEcliptic_Build_4.0.5/config.cfg

  • Size

    252B

  • MD5

    a3493d169d199224377f9c56bf480e72

  • SHA1

    0c6aa9694d5a9d729cc76f128f1fc9ac1f042d7c

  • SHA256

    69018e16bf06c80ff707ebf4cc10b03866acac14fc42eff982ff6fe94906bb95

  • SHA512

    dee7b4cf599b9a179de27a68db732ab0bd343b3d0e2e733258cc371a058a316dca0b21ee40645fc4566f2a3e8dfe1fb06996b129974d8751f19a1a4cb102db25

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\REALEcliptic_Build_4.0.5\config.cfg
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2276
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\REALEcliptic_Build_4.0.5\config.cfg
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2716
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\REALEcliptic_Build_4.0.5\config.cfg"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2600

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

    Filesize
    3KB

    MD5
    b6b2eb4b1601380833b74375354cc4f6

    SHA1
    50d7bc8a7b19f07dcd267c6fa459828647f7d474

    SHA256
    118f408a05e2186a8ecfde91feccb7e98745676f31ff71fc2dc51879e0cfec88

    SHA512
    a0a38cdb7d092d0789a2c70d44b765f0bd48fc1f58ac53769149a16afebdb45c19a6968828a5bcab0735eb83d31ebda77bbbab5ee5151a3247c112c20418f0fa