Analysis
-
max time kernel
117s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240419-en -
resource tags
-
submitted
28/04/2024, 18:07
General
-
Target
SecHex-Spoofy-main/SecHex-CMDLINE/RPZ-HWID.sln
-
Size
1KB
-
MD5
4248cbd9c877b517894ca47919e20e1c
-
SHA1
ef6b092907d756eb5e216fd5a52915e6940c107f
-
SHA256
a43c6775ae0afee9663f6eef234c0761819afe17873b52d8eafbfe1cfac0ff79
-
SHA512
861d4f982d2f4167add9eacba1817d3cbdabc79dc5aafdcbe3e9528698ee6f2cd7ad9b5325351c5040c1d71a7d791242fa00094f4419268248da20b08d4ebc2e
Score
3/10
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 9 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\SecHex-Spoofy-main\SecHex-CMDLINE\RPZ-HWID.sln1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\SecHex-Spoofy-main\SecHex-CMDLINE\RPZ-HWID.sln2⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\SecHex-Spoofy-main\SecHex-CMDLINE\RPZ-HWID.sln"3⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
3KB
MD5536c730be5189adeef1f9aae4ea1b836
SHA15b9aa656e5a07c5e745d5290fcbf505fd912c80a
SHA2564dfc700327dd0d77d061c08d0e4ebc4eb4d14120c3a996fd31491b74f715653a
SHA512761a7be6ab60ace7c5de04ea1afed78f22a0a2da0d84b962c6de4b5878319c3254b90e460a60b29223b7ec61c76d5d93b283311a827045d8dab5d3c43310e599