Overview
overview
3Static
static
1CVE-2023-3...sample
windows7-x64
3CVE-2023-3...sample
windows7-x64
3CVE-2023-3...sample
windows7-x64
3CVE-2023-3...sample
windows7-x64
3CVE-2023-3...sample
windows7-x64
3CVE-2023-3...sample
windows7-x64
3CVE-2023-3...sample
windows7-x64
3CVE-2023-3...sample
windows7-x64
3CVE-2023-3...sample
windows7-x64
3CVE-2023-3...sample
windows7-x64
3CVE-2023-3...sample
windows7-x64
3CVE-2023-3...sample
windows7-x64
3CVE-2023-3...sample
windows7-x64
3CVE-2023-3...oit.py
windows7-x64
3CVE-2023-3...pt.bat
windows7-x64
1Analysis
-
max time kernel
34s -
max time network
19s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system -
submitted
08-05-2024 08:59
Static task
static1
Behavioral task
behavioral1
Sample
CVE-2023-38831/.git/hooks/applypatch-msg.sample
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
CVE-2023-38831/.git/hooks/commit-msg.sample
Resource
win7-20240221-en
Behavioral task
behavioral3
Sample
CVE-2023-38831/.git/hooks/fsmonitor-watchman.sample
Resource
win7-20231129-en
Behavioral task
behavioral4
Sample
CVE-2023-38831/.git/hooks/post-update.sample
Resource
win7-20240221-en
Behavioral task
behavioral5
Sample
CVE-2023-38831/.git/hooks/pre-applypatch.sample
Resource
win7-20240220-en
Behavioral task
behavioral6
Sample
CVE-2023-38831/.git/hooks/pre-commit.sample
Resource
win7-20240221-en
Behavioral task
behavioral7
Sample
CVE-2023-38831/.git/hooks/pre-merge-commit.sample
Resource
win7-20240419-en
Behavioral task
behavioral8
Sample
CVE-2023-38831/.git/hooks/pre-push.sample
Resource
win7-20240221-en
Behavioral task
behavioral9
Sample
CVE-2023-38831/.git/hooks/pre-rebase.sample
Resource
win7-20240215-en
Behavioral task
behavioral10
Sample
CVE-2023-38831/.git/hooks/pre-receive.sample
Resource
win7-20240221-en
Behavioral task
behavioral11
Sample
CVE-2023-38831/.git/hooks/prepare-commit-msg.sample
Resource
win7-20240221-en
Behavioral task
behavioral12
Sample
CVE-2023-38831/.git/hooks/push-to-checkout.sample
Resource
win7-20240419-en
Behavioral task
behavioral13
Sample
CVE-2023-38831/.git/hooks/update.sample
Resource
win7-20231129-en
Behavioral task
behavioral14
Sample
CVE-2023-38831/exploit.py
Resource
win7-20240221-en
Behavioral task
behavioral15
Sample
CVE-2023-38831/script.bat
Resource
win7-20240220-en
General
-
Target
CVE-2023-38831/.git/hooks/pre-receive.sample
-
Size
544B
-
MD5
2ad18ec82c20af7b5926ed9cea6aeedd
-
SHA1
705a17d259e7896f0082fe2e9f2c0c3b127be5ac
-
SHA256
a4c3d2b9c7bb3fd8d1441c31bd4ee71a595d66b44fcf49ddb310252320169989
-
SHA512
ee08c11fab7e896b2e09c241954ba7640338b12c75cd8040daf053c31b2f22236d7a0deac736f89d305236312fdb4f560a38d4d8debdcc9dcdd23b2d975907d5
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 9 IoCs
Processes:
rundll32.exedescription ioc process Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_Classes\Local Settings rundll32.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\sample_auto_file\shell\Read rundll32.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\sample_auto_file\shell rundll32.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\sample_auto_file\shell\Read\command rundll32.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\sample_auto_file rundll32.exe Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\sample_auto_file\ rundll32.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\.sample rundll32.exe Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\.sample\ = "sample_auto_file" rundll32.exe Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\sample_auto_file\shell\Read\command\ = "\"C:\\Program Files (x86)\\Adobe\\Reader 9.0\\Reader\\AcroRd32.exe\" \"%1\"" rundll32.exe -
Suspicious use of SetWindowsHookEx 2 IoCs
Processes:
AcroRd32.exepid process 2472 AcroRd32.exe 2472 AcroRd32.exe -
Suspicious use of WriteProcessMemory 7 IoCs
Processes:
cmd.exerundll32.exedescription pid process target process PID 640 wrote to memory of 2596 640 cmd.exe rundll32.exe PID 640 wrote to memory of 2596 640 cmd.exe rundll32.exe PID 640 wrote to memory of 2596 640 cmd.exe rundll32.exe PID 2596 wrote to memory of 2472 2596 rundll32.exe AcroRd32.exe PID 2596 wrote to memory of 2472 2596 rundll32.exe AcroRd32.exe PID 2596 wrote to memory of 2472 2596 rundll32.exe AcroRd32.exe PID 2596 wrote to memory of 2472 2596 rundll32.exe AcroRd32.exe
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\CVE-2023-38831\.git\hooks\pre-receive.sample1⤵
- Suspicious use of WriteProcessMemory
PID:640 -
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\CVE-2023-38831\.git\hooks\pre-receive.sample2⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:2596 -
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\CVE-2023-38831\.git\hooks\pre-receive.sample"3⤵
- Suspicious use of SetWindowsHookEx
PID:2472
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEventsFilesize
3KB
MD53c5ab6b25e134e2071e1bedef93b9ce2
SHA142556860c65fbecf01e37d058eea7c04494b2608
SHA256742787284fb46484a76c057e32f496e81a8c22c559a45c24c5f428959ac9ba80
SHA512c5d5c0f2258e21422ac9a4964b6f78a0e0baf1fdd87432c1cbd89bc70b98c8d7be5c8c6ed27c3cbe26188693395dd477a34b5c89bb12f87c97abdda81c9944ea