Analysis

  • max time kernel: 118s
  • max time network: 138s
  • platform: windows7_x64
  • resource: win7-20240221-en
  • resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted: 19/05/2024, 19:52

General

  • Target: locales/es.pak
  • Size: 473KB
  • MD5: 29cbdcc2168f1bb29532122c39e67a1a
  • SHA1: f086c79d60daf2b0a7df91916387efa461795dcb
  • SHA256: 232f41ab5996c917687276e82c177de208b36e77aa834bb5d94d6a331f4180fe
  • SHA512: b603edf2a18f5893ab482b0c34e4126f824fbdd1b669927d7bc30d68e2e5bdf78d7d4b2aabdbe257987e8e19f440d9396a3683340b94c3fd844c70e34e93d8a8
  • SSDEEP: 6144:6kqGWOZ1+zun+V4HgspZpGrUKjs5f2rYDoRRiN6PZGMj:6BbOSSmirpKjjs5ursoRwBA

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\locales\es.pak
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1884
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\locales\es.pak
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2460
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\locales\es.pak"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2576

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
    Filesize: 3KB
    MD5: 039b8892c445c18c1f5e5df6f56e16b5
    SHA1: b489e930063e3f9152d097efd5e1a5d69346a7af
    SHA256: 7f640db8814dff7ebdf875380a94986c814ab3abd27d07b48fd718343b20aa44
    SHA512: 8a427a668691f150673b149a17ccfb8eee12d2f53fa2c14feb93cf32152ccdde24b356410599eda250563906a50342fd61637443b285066e2bac1cc678e3c52c