Analysis
-
max time kernel
119s -
max time network
127s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
22-05-2024 22:18
General
-
Target
Blank-Grabber-main/Blank Grabber/env/Scripts/config.json
-
Size
1KB
-
MD5
b03ab3cabcf6a8ea83ea00b43a50c1ea
-
SHA1
dbcf41071de87bb9f0183a012287aa80ea018020
-
SHA256
e02340f0d10a013946cfd22d73230104a9d88544315271bf6b9e617f3aa3dab1
-
SHA512
cfd15bf539cf4c7661e223d005ce67e160b6c16dafd4c0104cde3b2872a3e710dca02270fa2dc0f061998927bbbcd76711553958005da58a281fad1a649f8ff6
Score
3/10
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 9 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\Blank-Grabber-main\Blank Grabber\env\Scripts\config.json"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Blank-Grabber-main\Blank Grabber\env\Scripts\config.json2⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Blank-Grabber-main\Blank Grabber\env\Scripts\config.json"3⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
3KB
MD52adecbe11429ab0fa9290ed39d6777d4
SHA10c857195a2b31b9dded3e43a4e37361a10336dce
SHA2560c012c066e4c5034353a8f6fbe0f3a07f6c5ac5d47554c94407248c11419613d
SHA5126f7f41ccf70603df70204a5cf62a92a7cb9ca1ec5176a9c90893015ccfc7d3e9c92ef541e92059ed74f96b389c1b93c4d60b94b89af4c0193cf99d13d3eb6375