Resubmissions
15-05-2024 11:58
240515-n495nagc6y 1015-05-2024 11:54
240515-n3d1tsgd33 415-05-2024 09:22
240515-lb8p1sba32 10Analysis
-
max time kernel
128s -
max time network
135s -
platform
windows10-1703_x64 -
resource
win10-20240404-en -
resource tags
-
submitted
15-05-2024 11:54
General
-
Target
4423890.rar
-
Size
11.2MB
-
MD5
ff7553a8d62ba75491119628aa7ede6e
-
SHA1
105b16f65c61570fd9c6ff2077597ba626026cda
-
SHA256
58fb41c622cfccae8febc06e0c04f25bdb613a5b260ae6f404e9d0eda5ea86ab
-
SHA512
ee01b5273fa7fb49eb8f55b995174bb869ebe77854427c4691e8980f5c2b49eef66a9e3fc8ecb6dd2388f390423318653b3573d1002af3124c70a42ed5815c22
-
SSDEEP
196608:f9VizBum/MJuS5PuZBv5z7/AGUnfbhI7epRSv6EjBGu0wcDGIuPJGopuS5R:X4BF/GuS5PuZLQGOfeavSNjgu0tiI1o/
Score
4/10
Malware Config
Signatures
-
Drops file in Windows directory 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 2 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 2 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 64 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\4423890.rar1⤵
- Modifies registry class
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\7-Zip\7zFM.exe"C:\Program Files\7-Zip\7zFM.exe"1⤵
- Drops file in Windows directory
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵