Overview

overview

10

Static

static

3

Osu.7z

windows7-x64

3

Osu.7z

windows10-2004-x64

3

Osu/Launcher.exe

windows7-x64

10

Osu/Launcher.exe

windows10-2004-x64

10

Osu/optimi...al.dll

windows7-x64

1

Osu/optimi...al.dll

windows10-2004-x64

1

Osu/vk_swi...er.dll

windows7-x64

1

Osu/vk_swi...er.dll

windows10-2004-x64

1

Osu/vulkan-1.dll

windows7-x64

1

Osu/vulkan-1.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    1561s
  • max time network
    1562s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    21/05/2024, 14:49 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Osu.7z

  • Size

    3.7MB

  • MD5

    925d19382afe84113af3255a66d024d8

  • SHA1

    dae8a69db43980e2335503a4a0a7d30576bed181

  • SHA256

    9d0eef3560fd3b6f9207a21206c4f4337b07bff2cf082869c87bdc1ddd6d2e89

  • SHA512

    1a6cf9bdc5666a4a9b0b4e4fc9d46eaecabf572a757fa9abb4faf24413abde504fef829660a0dd3a6681ab6c28f9032875c3c22a653f66939412ed853175ca45

  • SSDEEP

    98304:00xdEVRkgh/ZxjuutKhnM5IYpu99zvp8sPhy//oSuks:00fq/mhnMqYp6B8sJ4Ts

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\Osu.7z
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2924
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Osu.7z
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2660
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Osu.7z"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:1764

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
    Filesize

    3KB

    MD5

    b5152f7dc1808dda82fe43fb2c49df8b

    SHA1

    c96a0dc1e0814948317559f2c778b48b92f49eb8

    SHA256

    03e1c67ad758d24516eaf561c2699661be0c61c573f62c9ecf2c208933f4e190

    SHA512

    3888e76b20b40f77a6908247d5e59ea0efe6bcf5ba9399f9242ff83f124e519be36d9f1b83ae8a405df38d5ed8157f7897f6cedced06924aa309d64ca0a950dd

    Download Submit

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.