Analysis

max time kernel: 135s
max time network: 144s
platform: windows11-21h2_x64
resource: win11-20240419-en
resource tags: arch:x64, arch:x86, image:win11-20240419-en, locale:en-us, os:windows11-21h2-x64, system
submitted: 29-04-2024 08:20
Behavioral tasks

behavioral1: Sample pack.rar            Resource win11-20240419-en
behavioral2: Sample pack/Decrypter.exe  Resource win11-20240419-en
behavioral3: Sample pack/cho2.exe       Resource win11-20240419-en
behavioral4: Sample pack/privateKey.xml Resource win11-20240426-en
behavioral5: Sample pack/publicKey.xml  Resource win11-20240419-en
General

Target: pack.rar
Size: 50KB
MD5: e577756b47b67d68f13887db3739768d
SHA1: 5732244c1029a30c2f915c546e1de551c45a06aa
SHA256: 71bfe1f26a98e152344fe5687db229da90e9ba8475cb3804a78a0f46152ba0bf
SHA512: 24807c2a544c97e977a18096225545828bcc070e036c3d5c1557d53471c4b0399d815df675be338aeed84c5d201274d394b6a64371eb4ab8a099da46040a50cb
SSDEEP: 1536:UWMdgrnhBCmIpd1DFTjsPLXw9YC0RgK5dgt3:UWMdgrGzd5d4XaYC+FP4
Malware Config
Signatures
Enumerates physical storage devices (1 TTPs)
Attempts to interact with connected storage/optical drive(s).

Modifies registry class (2 IoCs)
description   ioc                                                                                    Process
Key created   \REGISTRY\USER\S-1-5-21-1856190483-1022094809-400023910-1000_Classes\Local Settings    OpenWith.exe
Key created   \REGISTRY\USER\S-1-5-21-1856190483-1022094809-400023910-1000_Classes\Local Settings    cmd.exe

Suspicious use of SetWindowsHookEx (13 IoCs)
pid    Process
3384   OpenWith.exe   (13 identical entries)