Resubmissions
21-05-2024 14:43
240521-r3mvhshd83 321-05-2024 14:40
240521-r1yh8shd44 721-05-2024 14:37
240521-ry949ahe2z 721-05-2024 14:34
240521-rxpf6ahd6w 321-05-2024 14:31
240521-rvybaahb79 7Analysis
-
max time kernel
18s -
max time network
16s -
platform
windows7_x64 -
resource
win7-20240220-en -
resource tags
-
submitted
21-05-2024 14:43
General
-
Target
Some Problems/Copy of TOrapoayvSdKDejPAarBuLrFVKYgOPGCMoeR.c9r
-
Size
607B
-
MD5
3b08a6d52a5e0f4c43db8a7eb9163bb9
-
SHA1
f6b565a063281c11ff049aee1b11e51be7a9c2dd
-
SHA256
551625a9b243048a6d42ffd213f2577dd4e31a75a0cbbf2322d1123d9087cc9b
-
SHA512
d78884cb45d507f3bc221ea7f8ba3d6610547221d3dc9562fe06b3362955d2519a5ce14d171be9e2d62ba33a11ad57030521d52eed75e66b31d4ed9b76a56c8e
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 9 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\Some Problems\Copy of TOrapoayvSdKDejPAarBuLrFVKYgOPGCMoeR.c9r"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Some Problems\Copy of TOrapoayvSdKDejPAarBuLrFVKYgOPGCMoeR.c9r2⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Some Problems\Copy of TOrapoayvSdKDejPAarBuLrFVKYgOPGCMoeR.c9r"3⤵
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
3KB
MD5f9da08b364702a99ba30fcae0262845f
SHA1427329d82a4b6a615775aff0e94305d27d4144c1
SHA256a88efc650fe84a72daf079edccad2e31bfeafee45a75c884319d2e6724bf6e5e
SHA5121cdca1883ef6f9486264d7ae00bbb6cf2093eae733cb8618e5d0103cfdc6f28cc42b08dd67b8870ccde751ce8428c38220dcba3cfff3eab876da6e3832ae1013