Overview

overview

9

Static

static

7

sapphire_cracked.rar

windows7-x64

3

sapphire_cracked.rar

windows10-2004-x64

config.toml

windows7-x64

3

config.toml

windows10-2004-x64

3

crack.dll

windows7-x64

9

crack.dll

windows10-2004-x64

9

data/asset...g.json

windows7-x64

3

data/asset...g.json

windows10-2004-x64

3

data/asset...d.json

windows7-x64

3

data/asset...d.json

windows10-2004-x64

3

loader.exe

windows7-x64

9

loader.exe

windows10-2004-x64

9

main.exe

windows7-x64

7

main.exe

windows10-2004-x64

7

output/fil...ha.txt

windows7-x64

1

output/fil...ha.txt

windows10-2004-x64

1

output/fil...id.txt

windows7-x64

1

output/fil...id.txt

windows10-2004-x64

1

Analysis

  • max time kernel
    144s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    22-05-2024 07:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    sapphire_cracked.rar

  • Size

    29.5MB

  • MD5

    dc71e40b02fb2a0652dbabe211ffe66c

  • SHA1

    0a36bf46ec65e45bfe765798a12abb08472331b5

  • SHA256

    1b475e95186ce2a8843516be389b66a6c53c6b77bdac33ffcf5d00af133e7570

  • SHA512

    426a48995be934ce183169319a0b86bef8e0017e102e9f15004f456ba3fe892dc997c70c40c71354710ddc521d79322864cd3b0e9170c330309222c363fd9ba1

  • SSDEEP

    786432:wXc4PlLQExdSwksSqylouXwS9VQJ9RJRrhAgC7oV76:wXPxQqM7yr8kHJJ1C7oVm

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 2 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 9 IoCs
  • Suspicious use of SendNotifyMessage 8 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\sapphire_cracked.rar
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3048
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\sapphire_cracked.rar
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2732
      • C:\Windows\system32\rundll32.exe
        "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\sapphire_cracked.rar
        3⤵
        • Modifies registry class
        • Suspicious use of WriteProcessMemory
        PID:2812
        • C:\Program Files\VideoLAN\VLC\vlc.exe
          "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\sapphire_cracked.rar"
          4⤵
          • Suspicious behavior: AddClipboardFormatListener
          • Suspicious behavior: GetForegroundWindowSpam
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SendNotifyMessage
          • Suspicious use of SetWindowsHookEx
          PID:1388

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1388-30-0x000007FEFA900000-0x000007FEFA934000-memory.dmp

    Filesize

    208KB

    Download

  • memory/1388-29-0x000000013FBA0000-0x000000013FC98000-memory.dmp

    Filesize

    992KB

    Download

  • memory/1388-32-0x000007FEFA8E0000-0x000007FEFA8F8000-memory.dmp

    Filesize

    96KB

    Download

  • memory/1388-33-0x000007FEFA8C0000-0x000007FEFA8D7000-memory.dmp

    Filesize

    92KB

    Download

  • memory/1388-34-0x000007FEFA8A0000-0x000007FEFA8B1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/1388-35-0x000007FEFA880000-0x000007FEFA897000-memory.dmp

    Filesize

    92KB

    Download

  • memory/1388-36-0x000007FEF7240000-0x000007FEF7251000-memory.dmp

    Filesize

    68KB

    Download

  • memory/1388-38-0x000007FEF7200000-0x000007FEF7211000-memory.dmp

    Filesize

    68KB

    Download

  • memory/1388-37-0x000007FEF7220000-0x000007FEF723D000-memory.dmp

    Filesize

    116KB

    Download

  • memory/1388-31-0x000007FEF5830000-0x000007FEF5AE6000-memory.dmp

    Filesize

    2.7MB

    Download

  • memory/1388-42-0x000007FEF6A30000-0x000007FEF6A51000-memory.dmp

    Filesize

    132KB

    Download

  • memory/1388-45-0x000007FEF69F0000-0x000007FEF6A01000-memory.dmp

    Filesize

    68KB

    Download

  • memory/1388-40-0x000007FEF54F0000-0x000007FEF56FB000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/1388-52-0x000007FEF5470000-0x000007FEF54EC000-memory.dmp

    Filesize

    496KB

    Download

  • memory/1388-41-0x000007FEF6F80000-0x000007FEF6FC1000-memory.dmp

    Filesize

    260KB

    Download

  • memory/1388-44-0x000007FEF6A10000-0x000007FEF6A21000-memory.dmp

    Filesize

    68KB

    Download

  • memory/1388-46-0x000007FEF69D0000-0x000007FEF69E1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/1388-48-0x000007FEF6570000-0x000007FEF6581000-memory.dmp

    Filesize

    68KB

    Download

  • memory/1388-50-0x000007FEF63C0000-0x000007FEF63F0000-memory.dmp

    Filesize

    192KB

    Download

  • memory/1388-51-0x000007FEF6350000-0x000007FEF63B7000-memory.dmp

    Filesize

    412KB

    Download

  • memory/1388-49-0x000007FEF63F0000-0x000007FEF6408000-memory.dmp

    Filesize

    96KB

    Download

  • memory/1388-47-0x000007FEF69B0000-0x000007FEF69CB000-memory.dmp

    Filesize

    108KB

    Download

  • memory/1388-57-0x000007FEF5370000-0x000007FEF5388000-memory.dmp

    Filesize

    96KB

    Download

  • memory/1388-66-0x000007FEF0AC0000-0x000007FEF0AD6000-memory.dmp

    Filesize

    88KB

    Download

  • memory/1388-65-0x000007FEF0AE0000-0x000007FEF0AF1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/1388-64-0x000007FEF0EF0000-0x000007FEF0F1F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/1388-63-0x000007FEFA870000-0x000007FEFA880000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1388-62-0x000007FEF17B0000-0x000007FEF17C1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/1388-61-0x000007FEF6410000-0x000007FEF6431000-memory.dmp

    Filesize

    132KB

    Download

  • memory/1388-60-0x000007FEF5300000-0x000007FEF5312000-memory.dmp

    Filesize

    72KB

    Download

  • memory/1388-59-0x000007FEF5320000-0x000007FEF5331000-memory.dmp

    Filesize

    68KB

    Download

  • memory/1388-58-0x000007FEF5340000-0x000007FEF5363000-memory.dmp

    Filesize

    140KB

    Download

  • memory/1388-67-0x000007FEF09F0000-0x000007FEF0AB5000-memory.dmp

    Filesize

    788KB

    Download

  • memory/1388-56-0x000007FEF5390000-0x000007FEF53B4000-memory.dmp

    Filesize

    144KB

    Download

  • memory/1388-55-0x000007FEF53C0000-0x000007FEF53E8000-memory.dmp

    Filesize

    160KB

    Download

  • memory/1388-54-0x000007FEF53F0000-0x000007FEF5447000-memory.dmp

    Filesize

    348KB

    Download

  • memory/1388-68-0x000007FEF09A0000-0x000007FEF09E2000-memory.dmp

    Filesize

    264KB

    Download

  • memory/1388-53-0x000007FEF5450000-0x000007FEF5461000-memory.dmp

    Filesize

    68KB

    Download

  • memory/1388-43-0x000007FEF6F60000-0x000007FEF6F78000-memory.dmp

    Filesize

    96KB

    Download

  • memory/1388-69-0x000007FEF05E0000-0x000007FEF0642000-memory.dmp

    Filesize

    392KB

    Download

  • memory/1388-70-0x000007FEF0570000-0x000007FEF05DD000-memory.dmp

    Filesize

    436KB

    Download

  • memory/1388-71-0x000007FEF03F0000-0x000007FEF0570000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/1388-39-0x000007FEF3CF0000-0x000007FEF4DA0000-memory.dmp

    Filesize

    16.7MB

    Download