Analysis

  • max time kernel
    145s
  • max time network
    151s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240508-en
  • resource tags

    arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    21/05/2024, 18:16

General

  • Target

    cracked-premium-spotify.rar

  • Size

    15.9MB

  • MD5

    488d0651494c0055ad54d53a60b0bfd1

  • SHA1

    b8c4398e9dcb0a7e822d1e1cf99e1453d1850212

  • SHA256

    d6a3c410b9c13da9d82ceeb2a1471afcfc9d9679599c3dce795027e38e63e59e

  • SHA512

    f7b87a7dc472375e7e1bfa3a9def5067db9adce514c34553ada803a3b68c04673c318fb555b56dcf5fa32ab619c563945a3898b5ebb341f1f6c87c8a02560f23

  • SSDEEP

    393216:L/iGozh1lcrnyfrU1pZ04wqbyGc9x1JqHcb3kDzQ:L/iGodWyfrU1rIqbyr9bb3kHQ

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 2 IoCs
  • Suspicious behavior: AddClipboardFormatListener 2 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 21 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\cracked-premium-spotify.rar
    1⤵
    • Modifies registry class
    PID:72
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4760
    • C:\Program Files\Microsoft Office\root\Office16\Winword.exe
      "C:\Program Files\Microsoft Office\root\Office16\Winword.exe" /n "C:\Users\Admin\AppData\Local\Temp\cracked-premium-spotify.rar"
      2⤵
      • Checks processor information in registry
      • Enumerates system info in registry
      • Suspicious behavior: AddClipboardFormatListener
      • Suspicious use of SetWindowsHookEx
      PID:3020

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3020-2-0x00007FFD6E130000-0x00007FFD6E140000-memory.dmp

    Filesize

    64KB

  • memory/3020-1-0x00007FFD6E130000-0x00007FFD6E140000-memory.dmp

    Filesize

    64KB

  • memory/3020-0-0x00007FFD6E130000-0x00007FFD6E140000-memory.dmp

    Filesize

    64KB

  • memory/3020-3-0x00007FFD6E130000-0x00007FFD6E140000-memory.dmp

    Filesize

    64KB

  • memory/3020-4-0x00007FFD6E130000-0x00007FFD6E140000-memory.dmp

    Filesize

    64KB

  • memory/3020-5-0x00007FFD6B890000-0x00007FFD6B8A0000-memory.dmp

    Filesize

    64KB

  • memory/3020-6-0x00007FFD6B890000-0x00007FFD6B8A0000-memory.dmp

    Filesize

    64KB

  • memory/3020-36-0x00007FFD6E130000-0x00007FFD6E140000-memory.dmp

    Filesize

    64KB

  • memory/3020-37-0x00007FFD6E130000-0x00007FFD6E140000-memory.dmp

    Filesize

    64KB

  • memory/3020-39-0x00007FFD6E130000-0x00007FFD6E140000-memory.dmp

    Filesize

    64KB

  • memory/3020-38-0x00007FFD6E130000-0x00007FFD6E140000-memory.dmp

    Filesize

    64KB