Analysis
max time kernel: 117s
max time network: 118s
platform: windows7_x64
resource: win7-20231129-en
resource tags: arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
submitted: 25-04-2024 10:55
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
Secured.rar
Resource
win7-20231129-en
4 signatures
300 seconds
Behavioral task
behavioral2
Sample
Secured.rar
Resource
win10v2004-20240412-en
33 signatures
300 seconds
General
Target: Secured.rar
Size: 739KB
MD5: ef56c7500fa4341f60af74e8d81022c4
SHA1: 67e072fa9cf296e4e2547e167444e3d667df9918
SHA256: a7720638aee803b36ede0135b593d476a86706174e2b2657975cc631e4368ff2
SHA512: 90c8aa0b9b8b4faa52d300d24976f31d1285d3dfed446416d7da442b192264ead3ab97e64edb100df0b560b6dcd01f66671d24be3587bda3fef98d1b5d034eb9
SSDEEP: 12288:YqlwtcEQtnhBQN8ud/p17/B2DpjJ92Ycp8oYuZUWqB265UlktJ02Algzre2Vlx8T:3+iEWnhBMTvjB2DpjzQ9UWCUkX8F27xC
Score: 3/10
Malware Config
Signatures
Enumerates physical storage devices (1 TTPs)
Attempts to interact with connected storage/optical drive(s).

Modifies registry class (1 IoCs)
Processes:
description: Key created
ioc: \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000_Classes\Local Settings
process: rundll32.exe

Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
Processes:
pid: 3012
process: rundll32.exe

Suspicious use of WriteProcessMemory (3 IoCs)
Processes:
description: PID 1684 wrote to memory of 3012
pid: 1684
process: cmd.exe
target process: rundll32.exe
description: PID 1684 wrote to memory of 3012
pid: 1684
process: cmd.exe
target process: rundll32.exe
description: PID 1684 wrote to memory of 3012
pid: 1684
process: cmd.exe
target process: rundll32.exe
Processes
1. C:\Windows\system32\cmd.exe
   Command line: cmd /c C:\Users\Admin\AppData\Local\Temp\Secured.rar
   - Suspicious use of WriteProcessMemory
   2. C:\Windows\system32\rundll32.exe (child of 1)
      Command line: "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Secured.rar
      - Modifies registry class
      - Suspicious behavior: GetForegroundWindowSpam