Analysis

  • max time kernel
    40s
  • max time network
    17s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240215-en, locale:en-us, os:windows7-x64, system
  • submitted
    05/05/2024, 17:37

General

  • Target
    McDonnell Douglas MD-80/objects/seats.obj
  • Size
    9.5MB
  • MD5
    ea7270857ca9b32e9b15c68534a960c2
  • SHA1
    372a4432c747cb2f053a21e8711c35b0fee4381a
  • SHA256
    cb0469565e96866af46b52703f10b03fe675f940b4996f9119aab9a867161849
  • SHA512
    752aef1dd4e7a07bf89ef1bff618f3e7efa03713af517ef856c7bc45240f5b058f289222da3cd077d31009fc014275b760dc6e6430a1a7e5065c5e3c82cb2795
  • SSDEEP
    3072:gewkCoGGs4DO5GGW+T/8h+O/veC7uQVrRhFShuCI5YPYY4WYZZ5OGVGoWzsTPcGV:adbgQStJh2GL

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\McDonnell Douglas MD-80\objects\seats.obj"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1856
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\McDonnell Douglas MD-80\objects\seats.obj
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2592
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\McDonnell Douglas MD-80\objects\seats.obj"
        3⤵
        • Suspicious use of SetWindowsHookEx
        PID:2704

Network

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
    • Filesize
      3KB
    • MD5
      1e2140541363dde20f9092ec6f6d2c44
    • SHA1
      34ff9a081f78a5a3c4e5cf918ef918cbb4a4be03
    • SHA256
      cf532967209d0712cc0d2b0bb6dc399b712725c766766f0d3215515b9c65233f
    • SHA512
      3c5b0ee81728603f43dbe9e83064766035749a3bb5a8a4dedc95343339691ac8763bce1e2562735f23c56f90d1568d8ca4a2e937bcb9831f5b74ea60527f1ed1