Analysis

  • max time kernel
    118s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    22-05-2024 03:07

General

  • Target

    Frost Launcher/Frost.deps.json

  • Size

    110KB

  • MD5

    9699d34e46914de2d30b395067993ac8

  • SHA1

    5e91128624473ca2b33119145c55934d23bb1f7d

  • SHA256

    4f86617970999a75562521ccd1452f7c61ae1366c77850fb5a60d758830d7336

  • SHA512

    f2832795a642a5ef2cc5abc71ab7ffda0cf872b8a86218821220c428b3acad44e4734759a5bbf768954c35e8028fbb211751d5e558048261e6b87a6995679fe8

  • SSDEEP

    3072:qX+CROPbt9lcu72usgveq9eRyhzOqQ04CZJSopI2Pw:rIP

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\Frost Launcher\Frost.deps.json"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2156
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Frost Launcher\Frost.deps.json
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2800
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Frost Launcher\Frost.deps.json"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2700

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

    Filesize

    3KB

    MD5

    c2ab2996ddcca735a0c1752b967b3e49

    SHA1

    f960665563706e375f1eb8d76c577a32f7d502a1

    SHA256

    24b18be396c771847482538f06a991ac016586509096896f07d6a2cbfebae51c

    SHA512

    0797ccd2a0d6a666e2286f2f7111fdb50ba91d7e2b7d664233fe86b1f645539e7c2029bc87e10c01f76e06abf3a5722d2ff34a30e5ffcdcff5323b8b7ba98625