c3f250ab11d40bc8e68d90efa095da80a4e2c285d3d04e1c52434158345e2b47

Analysis

max time kernel
18s
max time network
16s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
08-05-2024 07:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

CVE-2023-38831/.git/hooks/pre-commit.sample
Size

1KB
MD5

305eadbbcd6f6d2567e033ad12aabbc4
SHA1

a79d057388ee2c2fe6561d7697f1f5efcff96f23
SHA256

f9af7d95eb1231ecf2eba9770fedfa8d4797a12b02d7240e98d568201251244a
SHA512

7cfb0a58abed1915ee1b261a1c661c7e2deea4e9227f77f5875af1a25c82e19245ba12dcb2f5052d994d0e81a3465daf37f9d8c670e17f9c96742f60fdfaaa56

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 9 IoCs

Processes:

rundll32.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\sample_auto_file\	rundll32.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\sample_auto_file\shell\Read	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\sample_auto_file\shell\Read\command\ = "\"C:\\Program Files (x86)\\Adobe\\Reader 9.0\\Reader\\AcroRd32.exe\" \"%1\""	rundll32.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_Classes\Local Settings	rundll32.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\sample_auto_file	rundll32.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\sample_auto_file\shell	rundll32.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\sample_auto_file\shell\Read\command	rundll32.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\.sample	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\.sample\ = "sample_auto_file"	rundll32.exe

Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

AcroRd32.exe

pid process

2812 AcroRd32.exe
2812 AcroRd32.exe

pid	process
2812	AcroRd32.exe
2812	AcroRd32.exe

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

cmd.exerundll32.exe

description	pid	process	target process
PID 2852 wrote to memory of 3024	2852	cmd.exe	rundll32.exe
PID 2852 wrote to memory of 3024	2852	cmd.exe	rundll32.exe
PID 2852 wrote to memory of 3024	2852	cmd.exe	rundll32.exe
PID 3024 wrote to memory of 2812	3024	rundll32.exe	AcroRd32.exe
PID 3024 wrote to memory of 2812	3024	rundll32.exe	AcroRd32.exe
PID 3024 wrote to memory of 2812	3024	rundll32.exe	AcroRd32.exe
PID 3024 wrote to memory of 2812	3024	rundll32.exe	AcroRd32.exe

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\CVE-2023-38831\.git\hooks\pre-commit.sample
1⤵
- Suspicious use of WriteProcessMemory
PID:2852

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\CVE-2023-38831\.git\hooks\pre-commit.sample
2⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:3024

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\CVE-2023-38831\.git\hooks\pre-commit.sample"
3⤵
- Suspicious use of SetWindowsHookEx
PID:2812

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
Filesize
3KB

MD5
e8eeadd8edb3ec352ffe44e593df3c45

SHA1
8c898f623f6e7bd95dfee28d0d755f41b2a8e8c3

SHA256
d7ab6212550a849df3a04f117afda4ef15c1a5e70a6c117907cfc50889919f3f

SHA512
b20d765e7d13704a23d9d5f77e2e37eb61e3fc17f4d0a2b2a138a407de4cd946024b265a0c6b5dc2e19cbd0a1ac753bec8298d607b406c7f10562e7e8eff37e3

Download Submit