Overview

overview

5

Static

static

1

9a8b0ebe7b...12.zip

windows7-x64

5

9a8b0ebe7b...12.zip

windows10-2004-x64

1

Autoit3.exe

windows7-x64

3

Autoit3.exe

windows10-2004-x64

3

script.a3x

windows7-x64

3

script.a3x

windows10-2004-x64

3

Resubmissions

20-05-2024 05:05

240520-fq6lbade9v 10

20-05-2024 04:53

240520-fh1ebsdb7w 5

Analysis

  • max time kernel
    122s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    20-05-2024 04:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    script.a3x

  • Size

    548KB

  • MD5

    404bd47f17d482e139e64d0106b8888d

  • SHA1

    bd96c024dcba4fda4e3c9aa9dfcc03f37d072cc7

  • SHA256

    0116d3f7e5ecafaf572141a6eaf3bffa80ff04519872be77f07f4b284272db5d

  • SHA512

    fafe9fd532290b50135a5e18ac52590d99652027cefc016606105ddb4758d0db74a722894a9be9ff1a89d70cd08deb53eac1c47213b38911a1744aecb0d92c05

  • SSDEEP

    12288:5ORwcZ/qOKfCMMF3WDbmYMfmGI5/MjyLiy6U9TDh:ouehh2bFMfy5TdTDh

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\script.a3x
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2432
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\script.a3x
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2728
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\script.a3x"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2648

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
    Filesize

    3KB

    MD5

    02795e109f18fc676d49ff937e0e0464

    SHA1

    375f93da04514dd38863c34cd26556cc3c43cd57

    SHA256

    6e93671e5a7a3bf8fa51049568162b3467ec86075a761528d2500289775551b2

    SHA512

    7fc3e6140a21ec49ad1010569c240a0da3a30e3ba2bb81c824d9c8c52ecdbb0b1f836c459073690d23cd4ae3654968c2992f4673208bf4a042706cc69f73c727

    Download Submit