Resubmissions

09/04/2024, 22:11 UTC

240409-131wtaea38 8

09/04/2024, 21:43 UTC

240409-1k5r2scg65 7

09/04/2024, 21:18 UTC

240409-z5mxasbe59 7

06/04/2024, 10:55 UTC

240406-mz7nashc59 8

06/04/2024, 10:41 UTC

240406-mrjaqsgd6z 7

Analysis

  • max time kernel
    121s
  • max time network
    139s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    06/04/2024, 10:41 UTC

General

  • Target

    locales/cs.pak

  • Size

    377KB

  • MD5

    3e2c49143f4718ddd9c1c74f8599fac2

  • SHA1

    7cce45de66a3895c3493b998fef7bedf045b29e2

  • SHA256

    08e40f5efc616cdc0588fb4b1a706d997c69d17ddaf97eb91a4aabafaa11cee6

  • SHA512

    a849ca0d09e0d4c025d9de6c8008c13e13581961c321f53a552deeaa210db891914386fd51673615aec8b5d8d68a921a968db5d0fe447963892ceb0948861e3d

  • SSDEEP

    6144:QhKH/gwYPl/XACAjRe15q8+Y1zAXn5q8QM:9fgdPl/Q3e15q8+Y1AXnF

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\locales\cs.pak
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2244
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\locales\cs.pak
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2612
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\locales\cs.pak"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2416

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

    Filesize

    3KB

    MD5

    6ac0e7ecff345475b9d66ced18a2f264

    SHA1

    224c6a03c25089f2265cbb008953d3227edfc6c9

    SHA256

    3762ac805bee52a0a19bb7b549b5cb75af40b41da7b79e51b1bdb99d70a78dcf

    SHA512

    3ffaa6deb56921a8a12889abe3fe1021af4d64ddc0db0fb0980f99e39c34162abcaec96ec18e384ad3427a0aa18132ba0d0c4b788b716224694249c984ac66e8
