Analysis

  • max time kernel
    120s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    21-04-2024 11:03

General

  • Target

    CS2ServerPicker.exe.config

  • Size

    1KB

  • MD5

    4f2e4283d039d3ba0bb9cc1219efdf51

  • SHA1

    1d31ab6731476d51c886035cebb75ea5ee845cfa

  • SHA256

    12d57e10c3974005065473c57b38b36d284da7f827cd089e7cb6de10f4792e41

  • SHA512

    54bb98adb42a812749ff5400c75aea6e644fac63662fd7716b0438449d71f3eeedbea28e6409f8e0bc8a367683c158c0f85250316a82d49d29425f95a1f32789

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 1 IoCs
  • Suspicious behavior: CmdExeWriteProcessMemorySpam 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\CS2ServerPicker.exe.config
    1⤵
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:2232
    • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
      "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\CS2ServerPicker.exe.config"
      2⤵
      • Suspicious behavior: CmdExeWriteProcessMemorySpam
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:2804

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

    Filesize

    3KB

    MD5

    233bfe675d89493b2221aca5541a3d36

    SHA1

    5ad32b903af7d393b6c84246d8857a61357525e7

    SHA256

    3cc234707e69ca87a32178f4ef13c744abe82c666310eb3eca958641033df310

    SHA512

    4dbcbbcfb68f01effd5aa3f14922aeed32dd175eed91180467d0f832f7d8c271c7fb6d7fd9e057827f8ff98c3c718362a461b641acb441cb1cf248835fc4c538