Overview

overview

6

Static

static

1

Telegram/Telegram.exe

windows7-x64

6

Telegram/Telegram.exe

windows10-2004-x64

6

Telegram/m...47.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    132s
  • max time network
    133s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    20/05/2024, 19:30

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    Telegram/Telegram.exe

  • Size

    149.4MB

  • MD5

    40889af6437bb9ea7ceca2a61a7d3c31

  • SHA1

    e7dc3b4983cc2a52da58de103027961492bc6ecf

  • SHA256

    bae14c635b6142009654570c001db2cf27bbf641fb294611a0c4ae490290ab53

  • SHA512

    d0f2f9f54a8cae72bc3fc802e785959b49c7f957a5f11f172a445c7189e44f783970ffb4748b86a0b71c750bb2bd0965230361d57a62e0786f3989da3727ee27

  • SSDEEP

    786432:3xmWnhoXQ5Y91k9uH171xqMBLvbMDNj1o1fDtH73FC7KKE9AMqzNw:3nnhog+91k9wljBLQJJo1fDtjFUycNw

Score
6/10

Malware Config

Signatures

  • Drops desktop.ini file(s) 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Enumerates system info in registry 2 TTPs 6 IoCs
  • Modifies registry class 16 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious use of FindShellTrayWindow 15 IoCs
  • Suspicious use of SendNotifyMessage 14 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Telegram\Telegram.exe
    "C:\Users\Admin\AppData\Local\Temp\Telegram\Telegram.exe"
    1⤵
    • Drops desktop.ini file(s)
    • Enumerates system info in registry
    • Modifies registry class
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:2444

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\Cab391C.tmp
          Filesize

          68KB

          MD5

          29f65ba8e88c063813cc50a4ea544e93

          SHA1

          05a7040d5c127e68c25d81cc51271ffb8bef3568

          SHA256

          1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

          SHA512

          e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

          Download Submit

        • memory/2444-7-0x0000000000220000-0x000000000022A000-memory.dmp

          Filesize

          40KB

          Download

        • memory/2444-6-0x0000000000220000-0x000000000022A000-memory.dmp

          Filesize

          40KB

          Download

        • memory/2444-36-0x0000000002630000-0x000000000263A000-memory.dmp

          Filesize

          40KB

          Download

        • memory/2444-39-0x0000000002630000-0x000000000263A000-memory.dmp

          Filesize

          40KB

          Download

        • memory/2444-38-0x0000000002630000-0x000000000263A000-memory.dmp

          Filesize

          40KB

          Download

        • memory/2444-103-0x0000000000220000-0x000000000022A000-memory.dmp

          Filesize

          40KB

          Download

        • memory/2444-104-0x0000000000220000-0x000000000022A000-memory.dmp

          Filesize

          40KB

          Download

        • memory/2444-105-0x0000000002630000-0x000000000263A000-memory.dmp

          Filesize

          40KB

          Download

        • memory/2444-106-0x0000000002630000-0x000000000263A000-memory.dmp

          Filesize

          40KB

          Download

        • memory/2444-108-0x0000000002630000-0x000000000263A000-memory.dmp

          Filesize

          40KB

          Download

        • memory/2444-107-0x0000000002630000-0x000000000263A000-memory.dmp

          Filesize

          40KB

          Download