Analysis
- max time kernel: 380s
- max time network: 437s
- platform: windows10-1703_x64
- resource: win10-20240404-fr
- resource tags: arch:x64, arch:x86, image:win10-20240404-fr, locale:fr-fr, os:windows10-1703-x64, system, windows
- submitted: 27-04-2024 11:57
Behavioral tasks
- behavioral1: Sample "Paid Combo Tools.rar", Resource win10-20240404-fr
- behavioral2: Sample "Paid Combo Tools/Combo List Tools.pdb", Resource win10-20240404-fr
- behavioral3: Sample "Paid Combo Tools/Paid combo Tools.exe", Resource win10-20240404-fr
- behavioral4: Sample "Paid Combo Tools/SkinSoft.VisualStyler.dll", Resource win10-20240404-fr
General
- Target: Paid Combo Tools/Combo List Tools.pdb
- Size: 203KB
- MD5: 0a7bb36a69518e8538a14e4586bea045
- SHA1: 2b7042e9c3915b722ce23df90517a06908caa93b
- SHA256: 575ff4fe54b0ac77a4a6afabcd9e59460328242d2b89651130f7b0dc2537ec28
- SHA512: 36b264025bb0f0ec2c0db1f1b1724d3a32474be735e3c232caa998beba02bd38b78d74f3ff6a11aa705dd205b134dc51df095d36d43243430baf271c1016d642
- SSDEEP: 1536:QjVDjR4l/8q/dzkqGY3Jl5WKY6dix1rusXOtzZY3u57mHnjEY4FUohUB//8btaYj:QjV4/5jJjRAPJU7mHromB//5yb5
Malware Config
Signatures
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).
- Modifies registry class (2 IoCs)
  Processes: cmd.exe, OpenWith.exe
  Description   IoC                                                                                      Process
  Key created   \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings   cmd.exe
  Key created   \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings   OpenWith.exe
- Suspicious use of SetWindowsHookEx (13 IoCs)
  Processes: OpenWith.exe
  PID    Process
  1964   OpenWith.exe (13 identical entries)
Processes
- C:\Windows\system32\cmd.exe
  Command line: cmd /c "C:\Users\Admin\AppData\Local\Temp\Paid Combo Tools\Combo List Tools.pdb"
  - Modifies registry class
- C:\Windows\system32\OpenWith.exe
  Command line: C:\Windows\system32\OpenWith.exe -Embedding
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx