Analysis
max time kernel: 121s
max time network: 123s
platform: windows7_x64
resource: win7-20240215-en
resource tags: arch:x64, arch:x86, image:win7-20240215-en, locale:en-us, os:windows7-x64, system
submitted: 19-05-2024 09:32
Behavioral task behavioral1: sample download.dat, resource win7-20240215-en, 3 signatures, 150 seconds
Behavioral task behavioral2: sample download.dat, resource win10v2004-20240508-en, 3 signatures, 150 seconds
General
Target: download.dat
Size: 511B
MD5: 87010bd57cf07bec39f06901e9d3fc37
SHA1: cbfe4d6cce5b1a9d445c0bf1872c5712cc689ce9
SHA256: a97946c34d2d8642820f196a54a6e8d78cf4f58a97e417be9696d7fd19e7fc95
SHA512: 5d44c4d74c1be0d99a40dfa36627bcbf56cabf13dd0a70fb3193bf5b0bcb02f221ae5818b0aad0932c6e4dc240f112f68d7310f9571f141e1b16a89bbdd92a9e
Score: 3/10
Malware Config
Signatures
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).
- Modifies registry class (1 IoCs)
  Processes:
  description | ioc | process
  Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_Classes\Local Settings | rundll32.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes:
  description | pid | process | target process
  PID 1256 wrote to memory of 2648 | 1256 | cmd.exe | rundll32.exe
  PID 1256 wrote to memory of 2648 | 1256 | cmd.exe | rundll32.exe
  PID 1256 wrote to memory of 2648 | 1256 | cmd.exe | rundll32.exe
Processes
- C:\Windows\system32\cmd.exe (PID 1256, depth 1)
  cmd /c C:\Users\Admin\AppData\Local\Temp\download.dat
  - Suspicious use of WriteProcessMemory
  - C:\Windows\system32\rundll32.exe (PID 2648, depth 2)
    "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\download.dat
    - Modifies registry class
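Reading the tree above: cmd.exe runs download.dat directly, and because the sandbox image has no handler associated with that file, the shell falls back to rundll32.exe shell32.dll,OpenAs_RunDLL, which is the "Open With" prompt. The three WriteProcessMemory IoCs are cmd.exe (PID 1256) writing into its own freshly created child rundll32.exe (PID 2648), the pattern CreateProcess produces when a parent sets up a child, not a write into an unrelated process. The script below is an added example, not part of the sandbox report: it parses IoC rows in the report's "PID X wrote to memory of Y" shape against a process tree, labels each writer/target pair as parent->child or cross-process, and flags OpenAs_RunDLL fallbacks. The input rows and the tree are constructed to mirror the page; the explorer.exe write (PID 4321) is hypothetical and only there to show how a cross-process write is labelled.

```python
import re
from collections import defaultdict

# Constructed input modelled on the report's "Suspicious use of WriteProcessMemory"
# table: description, pid, process, target process. The first three rows mirror
# the page; the fourth is a hypothetical cross-process write for contrast.
WRITE_EVENTS = [
    "PID 1256 wrote to memory of 2648 1256 cmd.exe rundll32.exe",
    "PID 1256 wrote to memory of 2648 1256 cmd.exe rundll32.exe",
    "PID 1256 wrote to memory of 2648 1256 cmd.exe rundll32.exe",
    "PID 1256 wrote to memory of 4321 1256 cmd.exe explorer.exe",  # hypothetical
]

# Constructed process tree: pid -> (parent pid, image, command line).
# PIDs 1256 and 2648 come from the report; 4321 is hypothetical and unrelated.
PROCESS_TREE = {
    1256: (None, "cmd.exe", r"cmd /c C:\Users\Admin\AppData\Local\Temp\download.dat"),
    2648: (1256, "rundll32.exe",
           r'"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL '
           r"C:\Users\Admin\AppData\Local\Temp\download.dat"),
    4321: (None, "explorer.exe", "explorer.exe"),  # hypothetical
}

EVENT_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) (\d+) (\S+) (\S+)")


def parse_event(line):
    """Split one IoC row into (writer pid, target pid, writer image, target image)."""
    m = EVENT_RE.fullmatch(line.strip())
    if not m:
        raise ValueError(f"unrecognised IoC line: {line!r}")
    writer, target, _, writer_img, target_img = m.groups()
    return int(writer), int(target), writer_img, target_img


def classify_writes(events, tree):
    """Group WriteProcessMemory rows by writer/target pair and label each pair.

    A write into the writer's own direct child is what CreateProcess produces
    while the parent sets the child up, so it is labelled 'parent->child'.
    Any other target is a cross-process write and deserves a closer look.
    """
    counts = defaultdict(int)
    for line in events:
        counts[parse_event(line)] += 1
    results = []
    for (writer, target, writer_img, target_img), n in counts.items():
        parent = tree.get(target, (None,))[0]
        label = "parent->child" if parent == writer else "cross-process"
        results.append({"writer": writer, "target": target,
                        "writer_image": writer_img, "target_image": target_img,
                        "writes": n, "label": label})
    return results


def open_with_fallbacks(tree):
    """Return pids running rundll32 shell32.dll,OpenAs_RunDLL <file>, i.e. the
    shell's 'Open With' prompt for a file type with no registered handler."""
    return [pid for pid, (_, image, cmdline) in tree.items()
            if image.lower() == "rundll32.exe"
            and "shell32.dll,openas_rundll" in cmdline.lower()]


if __name__ == "__main__":
    for r in classify_writes(WRITE_EVENTS, PROCESS_TREE):
        print(f"{r['writer_image']}({r['writer']}) -> {r['target_image']}({r['target']}): "
              f"{r['writes']} write(s), {r['label']}")
    print("OpenAs_RunDLL fallbacks:", open_with_fallbacks(PROCESS_TREE))
```

Run against the page's three rows alone, every write is parent->child and the only OpenAs_RunDLL hit is PID 2648, which is consistent with the low score: a 511-byte .dat that Windows does not know how to open, rather than a loader injecting into another process.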