Analysis

  • max time kernel
    380s
  • max time network
    437s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-fr
  • resource tags
    arch:x64, arch:x86, image:win10-20240404-fr, locale:fr-fr, os:windows10-1703-x64, system, windows
  • submitted
    27-04-2024 11:57

General

  • Target

    Paid Combo Tools/Combo List Tools.pdb

  • Size

    203KB

  • MD5

    0a7bb36a69518e8538a14e4586bea045

  • SHA1

    2b7042e9c3915b722ce23df90517a06908caa93b

  • SHA256

    575ff4fe54b0ac77a4a6afabcd9e59460328242d2b89651130f7b0dc2537ec28

  • SHA512

    36b264025bb0f0ec2c0db1f1b1724d3a32474be735e3c232caa998beba02bd38b78d74f3ff6a11aa705dd205b134dc51df095d36d43243430baf271c1016d642

  • SSDEEP

    1536:QjVDjR4l/8q/dzkqGY3Jl5WKY6dix1rusXOtzZY3u57mHnjEY4FUohUB//8btaYj:QjV4/5jJjRAPJU7mHromB//5yb5
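
Before acting on any sandbox verdict, confirm that the artefact in your hands is the one the report describes. The following is an added example (not code from the sandbox or from this report) that recomputes the four stdlib digests listed above over a local file in one read pass and reports every algorithm that disagrees with the report's values. SSDEEP is not in the Python standard library, so it is left out; the `REPORT_HASHES` values are copied from this page, and the file path is whatever you pass on the command line.

```python
import hashlib
import sys

# Digests as published in the report above (hex, lowercase).
REPORT_HASHES = {
    "md5": "0a7bb36a69518e8538a14e4586bea045",
    "sha1": "2b7042e9c3915b722ce23df90517a06908caa93b",
    "sha256": "575ff4fe54b0ac77a4a6afabcd9e59460328242d2b89651130f7b0dc2537ec28",
    "sha512": (
        "36b264025bb0f0ec2c0db1f1b1724d3a32474be735e3c232caa998beba02bd38"
        "b78d74f3ff6a11aa705dd205b134dc51df095d36d43243430baf271c1016d642"
    ),
}
ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def digest_bytes(data: bytes) -> dict:
    """Compute the same four digests the report lists, over bytes in memory."""
    return {name: hashlib.new(name, data).hexdigest() for name in ALGORITHMS}


def digest_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Stream a file through all four hash objects at once (single read pass,
    so large samples are not read four times)."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def compare(actual: dict, expected: dict) -> dict:
    """Return {algorithm: (actual, expected)} for every algorithm that disagrees.
    Comparison is case-insensitive; an empty dict means the artefact matches
    the report on every listed digest."""
    return {
        algo: (actual.get(algo), exp)
        for algo, exp in expected.items()
        if (actual.get(algo) or "").lower() != exp.lower()
    }


if __name__ == "__main__":
    # Usage: python verify_sample.py <path-to-local-copy-of-the-sample>
    mismatches = compare(digest_file(sys.argv[1]), REPORT_HASHES)
    if not mismatches:
        print("sample matches the report on md5/sha1/sha256/sha512")
    else:
        for algo, (got, want) in mismatches.items():
            print(f"{algo}: local {got} != report {want}")
        sys.exit(1)
```

A single disagreeing digest is enough to reject the match: the report's behaviour, signatures and process tree belong to the file with those exact hashes, not to a re-downloaded or re-packed copy that merely shares the name.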

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class (2 IoCs)
  • Suspicious use of SetWindowsHookEx (13 IoCs)

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\Paid Combo Tools\Combo List Tools.pdb"
    • Modifies registry class
    PID:164
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:1964

  Reading the tree: the submitted file is a .pdb (a debugger symbol file, not an executable). `cmd /c "<file>"` hands a non-executable document to the shell's file-association lookup, and with no handler registered for .pdb on the sandbox image Windows starts OpenWith.exe, the "How do you want to open this file?" dialog (activated through COM, hence `-Embedding`). Every signature hit above is attributed to cmd.exe or OpenWith.exe, both Windows components; the target itself never executed, which is consistent with the low 3/10 score. A run like this says nothing about the file's content, so inspect it statically (PDB parser, strings, hex editor) rather than treating the sandbox score as a clean bill of health.
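
A quick way to catch this pattern across many reports is to check whether anything other than a launcher or prompt process ever ran. The example below is added here and is not part of the report or of the sandbox's own tooling; the process entries are transcribed from the tree above, and the set of "launcher" binaries (`cmd.exe`, `openwith.exe`) is a heuristic assumption of this example, not a rule the sandbox applies.

```python
from pathlib import PureWindowsPath

# Process entries transcribed from the report above: (image path, command line).
REPORT_PROCESSES = [
    (r"C:\Windows\system32\cmd.exe",
     r'cmd /c "C:\Users\Admin\AppData\Local\Temp\Paid Combo Tools\Combo List Tools.pdb"'),
    (r"C:\Windows\system32\OpenWith.exe",
     r"C:\Windows\system32\OpenWith.exe -Embedding"),
]
REPORT_TARGET = "Paid Combo Tools/Combo List Tools.pdb"

# Assumption of this example: images that only launch or prompt for another
# program. If nothing outside this set ran, the submitted file never executed.
LAUNCHERS = {"cmd.exe", "openwith.exe"}


def image_name(path: str) -> str:
    """Lower-cased basename of a Windows image path."""
    return PureWindowsPath(path).name.lower()


def triage(target: str, processes) -> dict:
    """Decide from a report's process list whether the target actually ran.

    Returns the target extension, whether the OpenWith prompt appeared
    (OpenWith.exe started with -Embedding), the list of non-launcher images,
    and a one-line verdict.
    """
    ext = PureWindowsPath(target).suffix.lower()
    names = [image_name(path) for path, _ in processes]
    openwith_prompt = any(
        image_name(path) == "openwith.exe" and "-embedding" in cmd.lower()
        for path, cmd in processes
    )
    non_launchers = [n for n in names if n not in LAUNCHERS]
    executed = bool(non_launchers)

    if openwith_prompt and not executed:
        verdict = (f"no handler for {ext or '(no extension)'} on the image; "
                   "OpenWith prompt shown, all behaviour belongs to Windows components")
    elif executed:
        verdict = "handler or payload ran: " + ", ".join(sorted(set(non_launchers)))
    else:
        verdict = "only launcher processes observed, no prompt and no payload"

    return {
        "extension": ext,
        "openwith_prompt": openwith_prompt,
        "non_launcher_processes": non_launchers,
        "target_executed": executed,
        "verdict": verdict,
    }


if __name__ == "__main__":
    for key, value in triage(REPORT_TARGET, REPORT_PROCESSES).items():
        print(f"{key}: {value}")
```

Applied to this report the result is `target_executed: False` with the OpenWith prompt flagged, which is the signal to discard the behavioural signatures and fall back to static analysis.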

Network

MITRE ATT&CK Matrix ATT&CK v13
