Overview

overview

10

Static

static

10

624-39-0x0...ry.dmp

windows7-x64

3

Analysis

  • max time kernel
    121s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    15-05-2024 09:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    624-39-0x00000000048C0000-0x0000000004C47000-memory.dmp

  • Size

    3.5MB

  • MD5

    77adfbd169586974c046d6fb58ef4dcd

  • SHA1

    d00280ef0e885f2b52f49617928336c4fda36727

  • SHA256

    9d56c1e5a1d730822fcb863807b2cd79539b09799321d101d50eb961b444148f

  • SHA512

    d3d21275bf618aff73b833623e67f0f3e64fd80dca36506ac66220f54d69412cf94798263963862afb72492ea26622c7d6fb77f30c60e90debb848356dc0727b

  • SSDEEP

    6144:gmFFYrx0PmfUH1YTCh+mlrDvWBaoakAI04Yd1FkMGS4GQBe:lFFYrkmfUVY8+mp3I0/ZkMnz

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\624-39-0x00000000048C0000-0x0000000004C47000-memory.dmp
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2944
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\624-39-0x00000000048C0000-0x0000000004C47000-memory.dmp
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2588
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\624-39-0x00000000048C0000-0x0000000004C47000-memory.dmp"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2592

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
    Filesize

    3KB

    MD5

    92373c86073ae2479fb45c0bd802a483

    SHA1

    912c96ccd4ce075b4fa3229a66ff2b032352a1f3

    SHA256

    128778161a95374589c939a85b6cd94287b661047684a18656fbe5a367f0f9fb

    SHA512

    9f11da39083665c00676fc455944f3ebf521c11a45b326350accbe001cc5aea85cf349ff5edb2bd085f3192acf1589a9e30b501fc3fe2a4afd257540f17725ee

    Download Submit