Malware Analysis Report

2025-08-05 09:46

Sample ID 240419-l9n39sfb99
Target 7e0bf0d134364afa456b6d36c133aa22647e0618d91d0ce01b459558f24f92fd.elf
SHA256 7e0bf0d134364afa456b6d36c133aa22647e0618d91d0ce01b459558f24f92fd
Tags
mirai
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

7e0bf0d134364afa456b6d36c133aa22647e0618d91d0ce01b459558f24f92fd

Threat Level: Known bad

The file 7e0bf0d134364afa456b6d36c133aa22647e0618d91d0ce01b459558f24f92fd.elf was found to be: Known bad. Note that the sample is a Linux ELF binary (tagged Mirai) while the behavioral1 run used a Windows 7 image, so the Windows registry and process activity listed below reflects the OpenAs handler (rundll32.exe) and Adobe Reader being used to open the file, not the sample's own code executing.

Malicious Activity Summary

mirai

Mirai family

Enumerates physical storage devices

Modifies registry class

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-04-19 10:14

Signatures

Mirai family

mirai

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-19 10:14

Reported

2024-04-19 10:15

Platform

win7-20240221-en

Max time kernel

24s

Max time network

19s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\7e0bf0d134364afa456b6d36c133aa22647e0618d91d0ce01b459558f24f92fd.elf

Signatures

Enumerates physical storage devices

Modifies registry class

Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000_CLASSES\elf_auto_file\shell\Read | C:\Windows\system32\rundll32.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000_CLASSES\elf_auto_file\shell\Read\command\ = "\"C:\\Program Files (x86)\\Adobe\\Reader 9.0\\Reader\\AcroRd32.exe\" \"%1\"" | C:\Windows\system32\rundll32.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000_CLASSES\elf_auto_file\ | C:\Windows\system32\rundll32.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000_CLASSES\.elf | C:\Windows\system32\rundll32.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000_CLASSES\.elf\ = "elf_auto_file" | C:\Windows\system32\rundll32.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000_CLASSES\elf_auto_file\shell | C:\Windows\system32\rundll32.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000_CLASSES\elf_auto_file\shell\Read\command | C:\Windows\system32\rundll32.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000_Classes\Local Settings | C:\Windows\system32\rundll32.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000_CLASSES\elf_auto_file | C:\Windows\system32\rundll32.exe | N/A

Suspicious use of SetWindowsHookEx

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe | N/A
N/A | N/A | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe | N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\7e0bf0d134364afa456b6d36c133aa22647e0618d91d0ce01b459558f24f92fd.elf

C:\Windows\system32\rundll32.exe

"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\7e0bf0d134364afa456b6d36c133aa22647e0618d91d0ce01b459558f24f92fd.elf

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe

"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\7e0bf0d134364afa456b6d36c133aa22647e0618d91d0ce01b459558f24f92fd.elf"

Network

N/A

Files

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

MD5 e72c1779e9a9d840b7eba1411dcf9013
SHA1 b82aecf08175cf994b9b811cc2947d916699dea5
SHA256 a331c616c9cc1690621f95363f8d24bdcc9b9c00692a209767d762ff367e1857
SHA512 3a756667f78d04740b64bf6ae1aa10e68adafb2fceafa06c93fee0f1c444bd8a52869550a6b1e0368fc9a831871beed32aad5f977683f866587b8869f3f0221a