Analysis

  • max time kernel
    122s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    09/04/2024, 14:41

General

  • Target

    MerekV3.08 Lite/Merek Aimbot/README.md

  • Size

    752B

  • MD5

    f8238688955ceec65b8a30c8c803d942

  • SHA1

    e03ecc55bcf254bae6801cdb0d351854b21a7739

  • SHA256

    38c0d0c16fb615672b9c5635bfcdc569670deb4194d16fdb87585a7a813aac21

  • SHA512

    d55794aee2beae7e892b03843b3837ffd4de91f72b33054c9516e8c5434f106e732800a1ded9f40d3445f469fad808815695956fe374a6a0da927dda1175b740

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\MerekV3.08 Lite\Merek Aimbot\README.md"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2868
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\MerekV3.08 Lite\Merek Aimbot\README.md
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2568
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\MerekV3.08 Lite\Merek Aimbot\README.md"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2596
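The process tree above is the sandbox opening a `.md` file on a Windows 7 image that has no registered handler for that extension: `cmd /c "<file>"` is the harness launch, `rundll32 shell32.dll,OpenAs_RunDLL` is the Windows "Open With" dialog, and AcroRd32.exe is the application chosen from it. Every signature listed in this report fires inside one of those three processes, which is why the score stays low despite "suspicious" hook and memory-write hits. The Python below is an added triage aid, not part of the report or of the analysed file: it parses the tree text as copied from this page (the `REPORT_TREE` string is constructed from the lines above), resolves parents from the depth markers, labels each process by its role in that chain, and returns only the signatures that remain unattributed to the harness or the Open With chain. The role names and the `parse_tree`/`role`/`unattributed_signatures` helpers are this example's own.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Process tree as printed in the sandbox report (constructed from this page's lines).
# Each record is: image path, command line, "<depth>⤵", signature lines, "PID:<n>".
REPORT_TREE = """\
C:\\Windows\\system32\\cmd.exe
cmd /c "C:\\Users\\Admin\\AppData\\Local\\Temp\\MerekV3.08 Lite\\Merek Aimbot\\README.md"
1⤵
Suspicious use of WriteProcessMemory
PID:2868
C:\\Windows\\system32\\rundll32.exe
"C:\\Windows\\system32\\rundll32.exe" C:\\Windows\\system32\\shell32.dll,OpenAs_RunDLL C:\\Users\\Admin\\AppData\\Local\\Temp\\MerekV3.08 Lite\\Merek Aimbot\\README.md
2⤵
Modifies registry class
Suspicious use of WriteProcessMemory
PID:2568
C:\\Program Files (x86)\\Adobe\\Reader 9.0\\Reader\\AcroRd32.exe
"C:\\Program Files (x86)\\Adobe\\Reader 9.0\\Reader\\AcroRd32.exe" "C:\\Users\\Admin\\AppData\\Local\\Temp\\MerekV3.08 Lite\\Merek Aimbot\\README.md"
3⤵
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SetWindowsHookEx
PID:2596
"""

DEPTH_RE = re.compile(r"^(\d+)⤵$")
PID_RE = re.compile(r"^PID:(\d+)$")
OPEN_WITH_MARKER = "shell32.dll,openas_rundll"  # the "Open With" dialog entry point


@dataclass
class Proc:
    image: str
    cmdline: str
    depth: int
    pid: int = 0
    parent: Optional["Proc"] = None
    signatures: List[str] = field(default_factory=list)


def parse_tree(text: str) -> List[Proc]:
    """Parse the report's process-tree text; parents come from the depth markers."""
    procs: List[Proc] = []
    pending: List[str] = []   # image path then command line, before the depth marker
    stack: List[Proc] = []    # one entry per depth level currently open
    cur: Optional[Proc] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = DEPTH_RE.match(line)
        if m:
            depth = int(m.group(1))
            image, cmdline = pending[-2], pending[-1]
            pending = []
            del stack[depth - 1:]             # drop deeper (finished) levels
            cur = Proc(image, cmdline, depth, parent=stack[-1] if stack else None)
            stack.append(cur)
            procs.append(cur)
            continue
        m = PID_RE.match(line)
        if m and cur is not None:
            cur.pid = int(m.group(1))
            cur = None                        # record complete
            continue
        if cur is not None:
            cur.signatures.append(line)       # lines between depth marker and PID
        else:
            pending.append(line)
    return procs


def role(p: Proc) -> str:
    """Label a process by its place in the harness -> Open With -> handler chain."""
    if OPEN_WITH_MARKER in p.cmdline.lower():
        return "open-with dialog"
    anc = p.parent
    while anc is not None:
        if OPEN_WITH_MARKER in anc.cmdline.lower():
            return "chosen handler"           # app picked from the dialog, or its child
        anc = anc.parent
    if p.parent is None and p.image.lower().endswith("\\cmd.exe") \
            and p.cmdline.lower().startswith("cmd /c "):
        return "sandbox launcher"
    return "sample-spawned"


def unattributed_signatures(procs: List[Proc]):
    """Signatures raised by processes that are not explained by the launch chain."""
    return [(p.pid, s) for p in procs if role(p) == "sample-spawned" for s in p.signatures]


if __name__ == "__main__":
    tree = parse_tree(REPORT_TREE)
    for p in tree:
        print(f"{'  ' * (p.depth - 1)}PID {p.pid} [{role(p)}] {p.image}")
        for s in p.signatures:
            print(f"{'  ' * p.depth}- {s}")
    print("unattributed:", unattributed_signatures(tree))
```

When run against this report the unattributed list is empty: the WriteProcessMemory hits belong to the launcher and the dialog creating child processes, and the hook/foreground-window hits belong to Adobe Reader. A non-empty list is the signal worth reading further; an empty one says the report describes the sandbox's file handling rather than the file.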

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

    Filesize
    3KB

    MD5
    a8dbaa91fbba92b1cbd8e01c761d4360

    SHA1
    ec212c930466061f3ecc00d36334994191c75019

    SHA256
    79a19189f45312fc6e4e49d536eb73f77c9350eaa243789befed2cadac0621de

    SHA512
    1bb09c39dd9958f1aa86eae510436a24866e9e1a0bf2975f3e249489843ec34e2f29230fdceea2e34e0a439eaa804f914b5b018c739b9ff7d40bac99f3a9217e