Analysis
-
max time kernel
120s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240220-en -
resource tags
-
submitted
17/04/2024, 13:58
General
-
Target
conf/language_pl.properties
-
Size
8KB
-
MD5
37dc1efbd4a4cfcbb17e6e380b285c9b
-
SHA1
4a0a3443c2d1e77ee92dbd3070f3fd934d30b052
-
SHA256
36a6f88f591e8afb9a9d6b590446a93cbbfe11f9504047e9379943bc8ab0f57c
-
SHA512
16f47245da25a62a2ccd4d95bac2e53d1528f3e34e9dd98a23b2f079d6922336c0ac326aa462c9440d1f68e51bd05d43b6dfbd2f9eb49083cc6413bfae607f0f
-
SSDEEP
192:Qy96U8WlAuOMrYLXWUcOECXbASDGkx2cWYq0M3G1ASIzY:h1Dl5OMrIXWUcOEgbBGkxJWYq0M3M3r
Score
3/10
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 9 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\conf\language_pl.properties1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\conf\language_pl.properties2⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\conf\language_pl.properties"3⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
3KB
MD5e933cbca61bad680589af4fda8e7daab
SHA141b697393c495813320532af2abeea8c37abb57e
SHA256ee00b1c5ebfa572c75340645a035100ce8f83e7e8eb75df535336147a71ec16c
SHA5121a2cb2dea50958c1b53fe9e27a42f8f3c4564ba1b2fc2c922eb941d33880b57bb97fe48a8dc1ca6fd47dbdfe3295f6011a68eb255bf67721802346238b5a74fe