Overview

overview

3

Static

static

1

New folder...t3.exe

windows7-x64

New folder...t3.exe

windows10-2004-x64

3

New folder...5a.au3

windows7-x64

3

New folder...5a.au3

windows10-2004-x64

3

New folder...te.bat

windows7-x64

3

New folder...te.bat

windows10-2004-x64

3

Analysis

  • max time kernel
    121s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    10-05-2024 10:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    New folder/ac337d0e2c1d6f6a1132285a.au3

  • Size

    149KB

  • MD5

    3b340bfe4c0707bc961338f81b77ae2d

  • SHA1

    93f5ba8d5f5c242f7e971d5fa7881df6c9150046

  • SHA256

    ac337d0e2c1d6f6a1132285a409a49a0003a2e058cf84063fd899e5d40103b83

  • SHA512

    9199c027389252fcab8d236162bfeb74519df0fbbd4603775f7a6a0e67cf061f35fd57287604797521cdcdb473f2fe93f7736c0459ea2909fbf088045942f1cd

  • SSDEEP

    1536:1F+W3GYbAx7LfIji3tIdprUZIpJkmRz+zDgA1s:SXzEiODU29D

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\New folder\ac337d0e2c1d6f6a1132285a.au3"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2136
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\New folder\ac337d0e2c1d6f6a1132285a.au3
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2596
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\New folder\ac337d0e2c1d6f6a1132285a.au3"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2716

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
    Filesize

    3KB

    MD5

    8b4f04e796ddfd19e5b25b5ad879153c

    SHA1

    6e03a0c4f0f2890cd28788af79cf1ccedaa14112

    SHA256

    ae4963ab74b0a7cb1a1f8cb50a79ce5bd0be18ae4dd409c668462e031090463f

    SHA512

    3688f902123f21cbc448a6f954af0f8bc7dc13efa7f7b815668378a4bc0b13eb849273423fed8c0bc965f74d2aabe1fe6b9f8600e319864e17492a16e9f0cdef

    Download Submit