Analysis
-
max time kernel
121s -
max time network
130s -
platform
windows7_x64 -
resource
win7-20240215-en -
resource tags
-
submitted
02/05/2024, 20:09
General
-
Target
content/avatar/compositing/CompositExtraSlot0.mesh
-
Size
817B
-
MD5
7eff866016dcdbb1b62328a8c420d7e2
-
SHA1
80ca518891ba4f8e2b500817ecd6f8ace831ea81
-
SHA256
d49a6c4733b1f95242958d0df6489c5eea5872a0c7e181c54c93d74324439d51
-
SHA512
7632b40585c780bcf478f10782443755891c988d93b73b1c604948f1fa41bb0854c7f7f56089e5f81d9b2f62aff3d58e731ed89b4e543b8b0c1b38a372a3c13c
Score
3/10
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 9 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\content\avatar\compositing\CompositExtraSlot0.mesh1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\content\avatar\compositing\CompositExtraSlot0.mesh2⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\content\avatar\compositing\CompositExtraSlot0.mesh"3⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
3KB
MD57289d93ee48d34a349566f054849843d
SHA12891b386aa9603d5bdaa52364d21a020be301417
SHA2562b678c763217e6c9e27b8876b0ef870aa475ae9308898d42c43a3b6ecf7a04dc
SHA51286bcc219437eb0fc538234ce9b95580d21ee3ce4990e5b08c8e56b86847d24a65dbc72f047db35d8460a0430261209eff84711c16028045a13d83cb8cacaa9a6