Resubmissions

05-04-2024 21:46

240405-1mqqxaec37 7

05-04-2024 21:45

240405-1l47xadg2w 3

Analysis

  • max time kernel
    121s
  • max time network
    130s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    05-04-2024 21:46

General

  • Target

    oblivion/x64/Release/ImGui Lo.82212CF7.tlog/link.write.2u.tlog

  • Size

    394B

  • MD5

    daaa49f2ba950b3596e496809d58585f

  • SHA1

    12fbc1dacc866096c830f90fe1260f59630f9310

  • SHA256

    d60a6f2e6c20c9fa1ced320ae9428fd731b43bab3861cfba11849a4441c51d3c

  • SHA512

    fa46e2c11db9b075ceb6650d6d023183b4bf2d6eac69bdd21b8114a0bdd122e14286470646e02c03a5260045208b63741aafb73428022b51dc3aa9889d4f8fe1

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\oblivion\x64\Release\ImGui Lo.82212CF7.tlog\link.write.2u.tlog"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2764
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\oblivion\x64\Release\ImGui Lo.82212CF7.tlog\link.write.2u.tlog
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2844
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\oblivion\x64\Release\ImGui Lo.82212CF7.tlog\link.write.2u.tlog"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2612

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

    Filesize

    3KB

    MD5

    ccb6f2cdbc235784effa2eff4d148694

    SHA1

    a045a07e3553bec1d8975f4b589b175c6bba01e9

    SHA256

    68fe6b5150adc5291f0f4794717a0e360441d321c30e1b82afc21c293b530962

    SHA512

    50e9c37f65a75efcd1b2645c28efd265f2361f0a7d2b5d0562077f975e283f8e1c14fd15ab844b3d5a2cbe42b9dda1cd71fc5dafee971e5d151ca820b7ca648c