Analysis
-
max time kernel
118s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
-
submitted
07-05-2024 11:21
General
-
Target
script.a3x
-
Size
497KB
-
MD5
e6dcf390f0861b103a8331222dbb29fd
-
SHA1
d2518370574b20bcc2dd457e71d129889f7fc98f
-
SHA256
42b6480c1547bf3867d63dcfec7d5d301d770ce45f82931d922d22def3942d6b
-
SHA512
ceb792c6a9cca9edcf3066bff6cae493a9da8b48581030bda87388e2e8c5d18d7dcdf019f2d0fb62c706c4494b117ed27ce8ac02b24fb24fab5802fa4fd0bb1c
-
SSDEEP
12288:5yiV4v4gtXzPYQzBBF3e2gzGp+dKmhn0zKx0PK9gbm5c3yloDrJA3fLVp:skEX7YAzFu2gGpsn0zSp
Score
3/10
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 9 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\script.a3x1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\script.a3x2⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\script.a3x"3⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEventsFilesize
3KB
MD583377272fb6852cf282b9888ca6543eb
SHA11566dd47adfd13fe8e84f74493e0df7f25213dbe
SHA256b37bb8f678505f8b96a240e996773dfc8a89eb7a91211819ba2a322ec86091b0
SHA512e9f7670552c1f17625931bf3aa3ce51285a9c3f6aa12f8ec97329f9ca1119142cd7180e39fd91e4d3cb019a9b510bf6d344c0c862b921b0cfd7cd01248e51410