Analysis

  • max time kernel
    118s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    21/04/2024, 06:16

General

  • Target
    I18n/zh_CN/strings.mo
  • Size
    25KB
  • MD5
    2fba4b79937ba3c9e94e3955059798a0
  • SHA1
    91e513ff8c9ecd6d1bfdab7659a549015b64a0c4
  • SHA256
    2bc340a210f642737833bf22c67db1c55d86949758354111db055e0a7ca8ab18
  • SHA512
    5e905ae5f1384d7f1d48b5789ededc5f9d219388b5b50a0d47cf34afee489fd817990de08f81fc67ddee3fe72b00170d2b92c3affd525420e7d4a77b6b97c89b
  • SSDEEP
    768:bJtjDOl0j0Foxuh6e3308cwEIyrYdde2zVD1th4fjGkC:rae3uh6e337xKji

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe (depth 1)
    cmd /c C:\Users\Admin\AppData\Local\Temp\I18n\zh_CN\strings.mo
    • Suspicious use of WriteProcessMemory
    PID:2864
    • C:\Windows\system32\rundll32.exe (depth 2)
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\I18n\zh_CN\strings.mo
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2652
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe (depth 3)
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\I18n\zh_CN\strings.mo"
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2452

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
    Filesize
    3KB
    MD5
    859e4d73a0a1212654e77a84f3d6016b
    SHA1
    cecb64d48f1c03b49239e219217990daa8764d77
    SHA256
    a5b1d9dd0308910bb95e8d171394887a79e26eb801f134779529de8128d1ce17
    SHA512
    cd1cb97d164fae677b1d510f01a854e4157928abf09a33d71c576ca4f30b2b0eb2dabe27c197659fa8b889d817c05003b1d3b60ee36f8c6fe1393058bf05659f