Overview

overview

6

Static

static

1

ReYANG-main.zip

windows7-x64

6

ReYANG-main.zip

windows10-2004-x64

1

ReYANG-mai...ignore

windows7-x64

3

ReYANG-mai...ignore

windows10-2004-x64

3

ReYANG-mai...erfile

windows7-x64

1

ReYANG-mai...erfile

windows10-2004-x64

1

ReYANG-main/LICENSE

windows7-x64

1

ReYANG-main/LICENSE

windows10-2004-x64

1

ReYANG-main/README.md

windows7-x64

3

ReYANG-main/README.md

windows10-2004-x64

3

ReYANG-main/app.js

windows7-x64

3

ReYANG-main/app.js

windows10-2004-x64

3

ReYANG-mai...ig.yml

windows7-x64

3

ReYANG-mai...ig.yml

windows10-2004-x64

3

ReYANG-mai...k.json

windows7-x64

3

ReYANG-mai...k.json

windows10-2004-x64

3

ReYANG-mai...e.json

windows7-x64

3

ReYANG-mai...e.json

windows10-2004-x64

3

ReYANG-mai...ons.js

windows7-x64

3

ReYANG-mai...ons.js

windows10-2004-x64

3

ReYANG-mai...ger.js

windows7-x64

3

ReYANG-mai...ger.js

windows10-2004-x64

3

ReYANG-mai...ker.js

windows7-x64

3

ReYANG-mai...ker.js

windows10-2004-x64

3

ReYANG-mai...per.js

windows7-x64

3

ReYANG-mai...per.js

windows10-2004-x64

3

Analysis

  • max time kernel
    118s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    02-05-2024 11:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ReYANG-main/package-lock.json

  • Size

    41KB

  • MD5

    55066e177f2dc78cc47e9297fc162970

  • SHA1

    18330c8f1e9c45c359ba8d26d193b0cadb2ce7f2

  • SHA256

    d03bea5ed9a10493e2d5f0fd66c36aa319f1f35b5a1e99b293310c4cdfc8bf63

  • SHA512

    fac9128c40da95b1368d99020aabb510ac62d9d570d81efb80a1e5cfa098518ae08dca76ea8dc43141edc1ade5f0a1a8e2e18b67f65e4a459e74be5af04f5a8a

  • SSDEEP

    384:zlqZ6g0wc+oddhfYElWZ6O6SjZ6MNZ6Dn3Q/nKKPLXZ6k2Z6DjvZ6D0FtYysx:z4Z6d+pZ6eZ6sZ67QbZ6RZ6nZ6wXYP

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\ReYANG-main\package-lock.json
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1336
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\ReYANG-main\package-lock.json
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2588
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\ReYANG-main\package-lock.json"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2712

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
    Filesize

    3KB

    MD5

    34fd5cbd43cb7d11dfe60363d97595d3

    SHA1

    baa402509b89eb6556d2bac946a4be0342015485

    SHA256

    e2648260d408e4257e40271d1945ab9b99e654c5eca642aef655bd3689b961b6

    SHA512

    9eefb906daf4f320adf5df0dacb13b8cde8de03eafa85bd761824561672bb87fdeeab5d963d057ab370cdbceecdfd18ab39f3d5fb243424e23ed8ad9f61c37f8

    Download Submit