Resubmissions
05/05/2024, 20:46 240505-zkp6xsde2x 1
05/05/2024, 20:46 240505-zkd4nagf23 1
05/05/2024, 20:45 240505-zjph1add71 3
Analysis
max time kernel: 35s
max time network: 34s
platform: windows10-2004_x64
resource: win10v2004-20240419-en
resource tags: arch:x64 arch:x86 image:win10v2004-20240419-en locale:en-us os:windows10-2004-x64 system
submitted: 05/05/2024, 20:45
Static task: static1
Behavioral task: behavioral1
Sample: xterm_fun.bin
Resource: win7-20240221-en
3 signatures
150 seconds
Behavioral task: behavioral2
Sample: xterm_fun.bin
Resource: win10v2004-20240419-en
3 signatures
150 seconds
General
Target: xterm_fun.bin
Size: 1KB
MD5: 4edc13fd7ccd7db1884adb8fd41e4966
SHA1: 07f3632ca2d088803ba24bad7a99aa14fa06fd44
SHA256: 5706a78e802e699883b3973b918ca31d27da71a8bcc018ba3be13b7e314258b0
SHA512: 0883a358cedf171bb15a3500c397309f31438732ed6b9906043c3ba3efd725555d7ce8319747f85723d833575db9572ab181053098e8881b003047fae9a1274a
Score: 3/10
Malware Config
Signatures
Enumerates physical storage devices (1 TTPs)
Attempts to interact with connected storage/optical drive(s).
Modifies registry class (2 IoCs)
description: Key created; ioc: \REGISTRY\USER\S-1-5-21-2818691465-3043947619-2475182763-1000_Classes\Local Settings; Process: cmd.exe
description: Key created; ioc: \REGISTRY\USER\S-1-5-21-2818691465-3043947619-2475182763-1000_Classes\Local Settings; Process: OpenWith.exe
Suspicious use of SetWindowsHookEx (1 IoCs)
pid: 1568; Process: OpenWith.exe