Overview
overview
10Static
static
10possible malware.zip
windows7-x64
1possible malware.zip
windows10-2004-x64
1Malware-Fe...afa11b
windows7-x64
1Malware-Fe...afa11b
windows10-2004-x64
1Malware-Fe...DME.md
windows7-x64
3Malware-Fe...DME.md
windows10-2004-x64
3Malware-Fe...368967
windows7-x64
1Malware-Fe...368967
windows10-2004-x64
1Malware-Fe...DME.md
windows7-x64
3Malware-Fe...DME.md
windows10-2004-x64
3Malware-Fe...c43893
windows7-x64
1Malware-Fe...c43893
windows10-2004-x64
1Malware-Fe...aaa686
windows7-x64
1Malware-Fe...aaa686
windows10-2004-x64
1Malware-Fe...9f9f90
windows7-x64
1Malware-Fe...9f9f90
windows10-2004-x64
1Malware-Fe...DME.md
windows7-x64
3Malware-Fe...DME.md
windows10-2004-x64
3Malware-Fe...DME.md
windows7-x64
3Malware-Fe...DME.md
windows10-2004-x64
3Malware-Fe...DME.md
windows7-x64
3Malware-Fe...DME.md
windows10-2004-x64
3Malware-Fe...DME.md
windows7-x64
3Malware-Fe...DME.md
windows10-2004-x64
3Malware-Fe...DME.md
windows7-x64
3Malware-Fe...DME.md
windows10-2004-x64
3Malware-Fe...ff77d8
windows7-x64
1Malware-Fe...ff77d8
windows10-2004-x64
1Malware-Fe...f5860a
windows7-x64
1Malware-Fe...f5860a
windows10-2004-x64
1Malware-Fe...aa65d0
windows7-x64
1Malware-Fe...aa65d0
windows10-2004-x64
1Analysis
-
max time kernel
148s -
max time network
162s -
platform
windows10-2004_x64 -
resource
win10v2004-20240412-en -
resource tags
arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system -
submitted
13/04/2024, 01:05
Static task
static1
Behavioral task
behavioral1
Sample
possible malware.zip
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral2
Sample
possible malware.zip
Resource
win10v2004-20240412-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
Malware-Feed-master/2020.07.27_CISA-Legacy_Malware_Targeting_QNAP_NAS/3cb052a7da6cda9609c32b5bafa11b
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral4
Sample
Malware-Feed-master/2020.07.27_CISA-Legacy_Malware_Targeting_QNAP_NAS/3cb052a7da6cda9609c32b5bafa11b
Resource
win10v2004-20240412-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
Malware-Feed-master/2020.07.27_CISA-Legacy_Malware_Targeting_QNAP_NAS/README.md
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral6
Sample
Malware-Feed-master/2020.07.27_CISA-Legacy_Malware_Targeting_QNAP_NAS/README.md
Resource
win10v2004-20240412-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
Malware-Feed-master/2020.07.28_FBI-FLASH-MI-000130-MW/9f9027b5db5c408ee43ef2a7c7dd1aecbdb244ef6b16d9aafb599e8c40368967
Resource
win7-20240319-en
windows7-x64
Behavioral task
behavioral8
Sample
Malware-Feed-master/2020.07.28_FBI-FLASH-MI-000130-MW/9f9027b5db5c408ee43ef2a7c7dd1aecbdb244ef6b16d9aafb599e8c40368967
Resource
win10v2004-20240412-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
Malware-Feed-master/2020.07.28_FBI-FLASH-MI-000130-MW/README.md
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral10
Sample
Malware-Feed-master/2020.07.28_FBI-FLASH-MI-000130-MW/README.md
Resource
win10v2004-20240412-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
Malware-Feed-master/2020.07.28_FBI-FLASH-MI-000130-MW/ad8d379a4431cabd079a1c34add903451e11f06652fe28d3f3edb6c469c43893
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral12
Sample
Malware-Feed-master/2020.07.28_FBI-FLASH-MI-000130-MW/ad8d379a4431cabd079a1c34add903451e11f06652fe28d3f3edb6c469c43893
Resource
win10v2004-20240412-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
Malware-Feed-master/2020.08.03_CISA-Chinese_RAT_TAIDOOR/0d0ccfe7cd476e2e2498b854cef2e6f959df817e52924b3a8bcdae7a8faaa686
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral14
Sample
Malware-Feed-master/2020.08.03_CISA-Chinese_RAT_TAIDOOR/0d0ccfe7cd476e2e2498b854cef2e6f959df817e52924b3a8bcdae7a8faaa686
Resource
win10v2004-20240412-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
Malware-Feed-master/2020.08.03_CISA-Chinese_RAT_TAIDOOR/363ea096a3f6d06d56dc97ff1618607d462f366139df70c88310bbf77b9f9f90
Resource
win7-20240215-en
windows7-x64
Behavioral task
behavioral16
Sample
Malware-Feed-master/2020.08.03_CISA-Chinese_RAT_TAIDOOR/363ea096a3f6d06d56dc97ff1618607d462f366139df70c88310bbf77b9f9f90
Resource
win10v2004-20240412-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
Malware-Feed-master/2020.08.03_CISA-Chinese_RAT_TAIDOOR/README.md
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral18
Sample
Malware-Feed-master/2020.08.03_CISA-Chinese_RAT_TAIDOOR/README.md
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
Malware-Feed-master/2020.08.19_CISA-North_Korean_RAT_BLINDINGCAN/README.md
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral20
Sample
Malware-Feed-master/2020.08.19_CISA-North_Korean_RAT_BLINDINGCAN/README.md
Resource
win10v2004-20240412-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
Malware-Feed-master/2020.08.26_CISA-MAR-10301706_North_Korean_RAT_VIVACIOUSGIFT/README.md
Resource
win7-20240215-en
windows7-x64
Behavioral task
behavioral22
Sample
Malware-Feed-master/2020.08.26_CISA-MAR-10301706_North_Korean_RAT_VIVACIOUSGIFT/README.md
Resource
win10v2004-20240412-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
Malware-Feed-master/2020.08.26_CISA-North_Korean_RAT_ECCENTRICBANDWAGON/README.md
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral24
Sample
Malware-Feed-master/2020.08.26_CISA-North_Korean_RAT_ECCENTRICBANDWAGON/README.md
Resource
win10v2004-20240412-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
Malware-Feed-master/2020.08.26_CISA-North_Korean_RAT_FASTCASH/README.md
Resource
win7-20240319-en
windows7-x64
Behavioral task
behavioral26
Sample
Malware-Feed-master/2020.08.26_CISA-North_Korean_RAT_FASTCASH/README.md
Resource
win10v2004-20240412-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
Malware-Feed-master/2020.09.15_CISA-MAR-10297887_Iranian_Web_Shells/4a1fc30ffeee48f213e256fa7bff77d8
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral28
Sample
Malware-Feed-master/2020.09.15_CISA-MAR-10297887_Iranian_Web_Shells/4a1fc30ffeee48f213e256fa7bff77d8
Resource
win10v2004-20240412-en
windows10-2004-x64
Behavioral task
behavioral29
Sample
Malware-Feed-master/2020.09.15_CISA-MAR-10297887_Iranian_Web_Shells/51e9cadeab1b33260c4ccb2c63f5860a
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral30
Sample
Malware-Feed-master/2020.09.15_CISA-MAR-10297887_Iranian_Web_Shells/51e9cadeab1b33260c4ccb2c63f5860a
Resource
win10v2004-20240412-en
windows10-2004-x64
Behavioral task
behavioral31
Sample
Malware-Feed-master/2020.09.15_CISA-MAR-10297887_Iranian_Web_Shells/547440bd037a149ac7ac58bc5aaa65d0
Resource
win7-20240220-en
windows7-x64
Behavioral task
behavioral32
Sample
Malware-Feed-master/2020.09.15_CISA-MAR-10297887_Iranian_Web_Shells/547440bd037a149ac7ac58bc5aaa65d0
Resource
win10v2004-20240412-en
windows10-2004-x64
General
-
Target
Malware-Feed-master/2020.07.28_FBI-FLASH-MI-000130-MW/README.md
-
Size
72B
-
MD5
0527842fbf758cbe02a4d1417250a3d3
-
SHA1
33ec0d879781a26c800b823d13b6dcd228900be1
-
SHA256
0c8668604e05ae2e1d1d369ae5992f61a0f625e0714730b10b1e13e849f699ca
-
SHA512
b9d49bb1af83ec183eb32e37bad6eafc0726003fff8fa6788a06bf9bbdd16e08e461f90aa063a3e59d08208beedf893750e10fcd1aaa8f77cfacf38a080c53a4
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 2 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-21-259785868-298165991-4178590326-1000_Classes\Local Settings OpenWith.exe Key created \REGISTRY\USER\S-1-5-21-259785868-298165991-4178590326-1000_Classes\Local Settings cmd.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 4544 OpenWith.exe -
Suspicious use of SetWindowsHookEx 31 IoCs
pid Process 4544 OpenWith.exe 4544 OpenWith.exe 4544 OpenWith.exe 4544 OpenWith.exe 4544 OpenWith.exe 4544 OpenWith.exe 4544 OpenWith.exe 4544 OpenWith.exe 4544 OpenWith.exe 4544 OpenWith.exe 4544 OpenWith.exe 4544 OpenWith.exe 4544 OpenWith.exe 4544 OpenWith.exe 4544 OpenWith.exe 4544 OpenWith.exe 4544 OpenWith.exe 4544 OpenWith.exe 4544 OpenWith.exe 4544 OpenWith.exe 4544 OpenWith.exe 4544 OpenWith.exe 4544 OpenWith.exe 4544 OpenWith.exe 4544 OpenWith.exe 4544 OpenWith.exe 4544 OpenWith.exe 4544 OpenWith.exe 4544 OpenWith.exe 4544 OpenWith.exe 4544 OpenWith.exe -
Suspicious use of WriteProcessMemory 2 IoCs
description pid Process procid_target PID 4544 wrote to memory of 1212 4544 OpenWith.exe 88 PID 4544 wrote to memory of 1212 4544 OpenWith.exe 88
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\Malware-Feed-master\2020.07.28_FBI-FLASH-MI-000130-MW\README.md1⤵
- Modifies registry class
PID:4456
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4544 -
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Malware-Feed-master\2020.07.28_FBI-FLASH-MI-000130-MW\README.md2⤵PID:1212
-