Overview

overview

8

Static

static

1

ML057049.lzh

windows7-x64

1

ML057049.lzh

windows10-2004-x64

3

Okthabah.exe

windows7-x64

8

Okthabah.exe

windows10-2004-x64

8

Modsige.til247

windows7-x64

3

Modsige.til247

windows10-2004-x64

3

Onerosity240.ops

windows7-x64

3

Onerosity240.ops

windows10-2004-x64

3

Perseverat...us.gas

windows7-x64

3

Perseverat...us.gas

windows10-2004-x64

3

Perseverat...en.msk

windows7-x64

3

Perseverat...en.msk

windows10-2004-x64

3

Perseverat...nk.txt

windows7-x64

1

Perseverat...nk.txt

windows10-2004-x64

1

Perseverat...ip.jge

windows7-x64

3

Perseverat...ip.jge

windows10-2004-x64

3

Resubmissions

16/05/2024, 15:35

240516-s1rw5abf57 8

16/05/2024, 15:33

240516-szev6sbe69 8

Analysis

  • max time kernel
    118s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    16/05/2024, 15:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Perseverate/Sidetallerken.msk

  • Size

    2KB

  • MD5

    fe015ab4c7b1a4b45cb5482a5129e455

  • SHA1

    bdab53a97ae82149b83b5c3fb663b924a6731b16

  • SHA256

    88c2496adf0fe02a1d2feb422956a16d4ac6cb7304bf9e169996bf9fdc0c0c7d

  • SHA512

    2bc395ff0e915dcda1e901716f7b06dd8b93fb08989c6ac8d860aadd77d026039c193016748e82a8e0b8e3c68447a1b30b4f962792ca57d5c52b8fd14fe66460

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\Perseverate\Sidetallerken.msk
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1740
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Perseverate\Sidetallerken.msk
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:3000
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Perseverate\Sidetallerken.msk"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2768

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
    Filesize

    3KB

    MD5

    ddf0be39baac7c69d727fbd1edad5122

    SHA1

    a76ef61175a6b2d9c256a47a01fbc92471634711

    SHA256

    802304cd475ea21146a29df185e74d5232998b27d1d1d83337df97762361f339

    SHA512

    2c7993c17af02ec98b0c344315a4c57fe58af1bd5da1072a58b2dd80271190f1ae92522c9f337f5ef706b6f649d69cb4e0c7fe3db5cdf700db70b284c6c95a3a

    Download Submit