Analysis

  • max time kernel
    24s
  • max time network
    19s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    19/04/2024, 10:14

General

  • Target

    7e0bf0d134364afa456b6d36c133aa22647e0618d91d0ce01b459558f24f92fd.elf

  • Size

    177KB

  • MD5

    bc9cb0dcda2adca9ef70d10f78198b4e

  • SHA1

    918a9f4c3a791d22cb77461a1000926d98883521

  • SHA256

    7e0bf0d134364afa456b6d36c133aa22647e0618d91d0ce01b459558f24f92fd

  • SHA512

    f4680fea5c4c3033ff2d64871c8f727c5ba0980b7d7f88894202b103ee16f20382a77a7c7d3a8bf0a8a049cd43b2cb743bded145fd4f1e9fc0194c5ecf342dad

  • SSDEEP

    3072:49rNi/XEmhIjG/SMn5aYzv02q1Y6+c13oBtn7G:49rNuXDfhdMLYg1wtn7G

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\7e0bf0d134364afa456b6d36c133aa22647e0618d91d0ce01b459558f24f92fd.elf
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2184
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\7e0bf0d134364afa456b6d36c133aa22647e0618d91d0ce01b459558f24f92fd.elf
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2564
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\7e0bf0d134364afa456b6d36c133aa22647e0618d91d0ce01b459558f24f92fd.elf"
        3⤵
        • Suspicious use of SetWindowsHookEx
        PID:2640
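The process tree above is worth reading carefully before trusting the score. The target is an ELF binary, but it was submitted to a Windows 7 image: cmd /c has no handler for the .elf extension, so the shell fell through to the Open With dialog (rundll32 shell32.dll,OpenAs_RunDLL), which handed the file to Adobe Reader 9.0. The registry-class changes, SetWindowsHookEx and WriteProcessMemory signatures, and the Acrobat SharedDataEvents file listed under Downloads all come from that fallback chain, not from the sample, which never executed. The check a practitioner wants is to identify the format from the file header before submission and pick a platform that can run it. The following script is an added example written for this page, not part of the sandbox's report or tooling; the platform labels ('windows7_x64', 'linux-x64') and the two header samples are constructed for illustration.

```python
"""Pre-submission triage: identify executable format and architecture from
the header (not the extension) and compute the hash set a sandbox report lists,
so the sample lands on a platform that can actually execute it."""
import hashlib
import struct

# e_machine values from the ELF specification and IMAGE_FILE_MACHINE_* values
# from the PE/COFF specification (common ones only).
ELF_MACHINES = {3: "x86", 8: "mips", 40: "arm", 62: "x86_64", 183: "aarch64"}
PE_MACHINES = {0x014C: "x86", 0x01C0: "arm", 0x8664: "x86_64", 0xAA64: "aarch64"}


def hashes(data: bytes) -> dict:
    """MD5/SHA1/SHA256/SHA512 of the sample, as listed under General."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha512")}


def identify(data: bytes) -> dict:
    """Return {'format', 'bits', 'endian', 'machine'} parsed from the header.

    The magic bytes decide, not the extension: '.elf' means nothing to the
    Windows shell, which falls through to the Open With dialog."""
    if data[:4] == b"\x7fELF" and len(data) >= 20:
        bits = {1: 32, 2: 64}.get(data[4], 0)               # EI_CLASS
        endian = {1: "little", 2: "big"}.get(data[5], "unknown")  # EI_DATA
        fmt = "<H" if endian == "little" else ">H"
        (e_machine,) = struct.unpack_from(fmt, data, 18)     # e_machine at offset 18
        return {"format": "elf", "bits": bits, "endian": endian,
                "machine": ELF_MACHINES.get(e_machine, f"unknown({e_machine})")}
    if data[:2] == b"MZ" and len(data) >= 0x40:
        (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)  # offset of the PE header
        if data[e_lfanew:e_lfanew + 4] == b"PE\0\0" and len(data) >= e_lfanew + 6:
            (machine,) = struct.unpack_from("<H", data, e_lfanew + 4)  # COFF Machine
            name = PE_MACHINES.get(machine, f"unknown({machine:#x})")
            bits = 64 if name in ("x86_64", "aarch64") else 32
            return {"format": "pe", "bits": bits, "endian": "little", "machine": name}
    return {"format": "unknown", "bits": 0, "endian": "unknown", "machine": "unknown"}


def platform_mismatch(info: dict, platform: str) -> bool:
    """True when the chosen sandbox image cannot natively run the sample.

    Platform names such as 'windows7_x64' or 'linux-x64' are assumed labels,
    matched only on their OS prefix."""
    os_name = platform.lower()
    if info["format"] == "elf":
        return not os_name.startswith("linux")
    if info["format"] == "pe":
        return not os_name.startswith("windows")
    return True  # unknown format: nothing will run it natively


# Constructed samples (not the submitted file): a 64-byte ELF64 x86-64 header
# and a minimal MZ stub whose PE header declares an AMD64 machine.
SAMPLE_ELF = (b"\x7fELF" + bytes([2, 1, 1]) + b"\x00" * 9
              + struct.pack("<HHIQQQIHHHHHH",
                            2, 62, 1, 0x401000, 64, 0, 0, 64, 56, 1, 64, 0, 0))
SAMPLE_PE = (b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x40)
             + b"PE\0\0" + struct.pack("<H", 0x8664) + b"\x00" * 18)

if __name__ == "__main__":
    for label, blob in (("elf", SAMPLE_ELF), ("pe", SAMPLE_PE)):
        info = identify(blob)
        print(label, info, "mismatch on windows7_x64:",
              platform_mismatch(info, "windows7_x64"))
        print("  sha256:", hashes(blob)["sha256"])
```

Run against the real sample, `identify()` would report an ELF and `platform_mismatch(info, "windows7_x64")` would be true, which is the condition under which a Windows run produces only the Open With chain seen above; resubmitting to a Linux image of the matching architecture is the fix.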

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

    Filesize
    3KB

    MD5
    e72c1779e9a9d840b7eba1411dcf9013

    SHA1
    b82aecf08175cf994b9b811cc2947d916699dea5

    SHA256
    a331c616c9cc1690621f95363f8d24bdcc9b9c00692a209767d762ff367e1857

    SHA512
    3a756667f78d04740b64bf6ae1aa10e68adafb2fceafa06c93fee0f1c444bd8a52869550a6b1e0368fc9a831871beed32aad5f977683f866587b8869f3f0221a