Overview

overview

3

Static

static

1

System Vol...ps.zip

windows7-x64

1

System Vol...ps.zip

windows10-2004-x64

1

System Vol...3.pcap

windows7-x64

3

System Vol...3.pcap

windows10-2004-x64

3

System Vol...f.pcap

windows7-x64

3

System Vol...f.pcap

windows10-2004-x64

3

System Vol...f.pcap

windows7-x64

3

System Vol...f.pcap

windows10-2004-x64

3

Analysis

  • max time kernel
    48s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
  • submitted
    22-05-2024 19:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    System Voleume Information pcaps/43499bef-a2ad-4719-aaf9-c2a03b2fa5f3.pcap

  • Size

    7.8MB

  • MD5

    f25746eda71536acae3bf8cd8b4e0a5e

  • SHA1

    8129485a2928ca4af5727e7a7e4a9b430417e03d

  • SHA256

    87e8295f9c88604abd0817b33f6d259190d2d6fa00c4f16fe6c6d0ebe48df6c4

  • SHA512

    da7e04571261070b991dff3f85d7f4a2923a792f0286a8b0abfd7949477a1bd2645b2196d4151d5d85b8adf9b56e134349f4542558cda7f1627e14304368d10e

  • SSDEEP

    196608:miimuUtfc1qakKUsYObJ4Clf8YnSCB5Mh+770icOz:mNUmAuXaYSCgh+X

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\System Voleume Information pcaps\43499bef-a2ad-4719-aaf9-c2a03b2fa5f3.pcap"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2916
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\System Voleume Information pcaps\43499bef-a2ad-4719-aaf9-c2a03b2fa5f3.pcap
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2572
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\System Voleume Information pcaps\43499bef-a2ad-4719-aaf9-c2a03b2fa5f3.pcap"
        3⤵
        • Suspicious use of SetWindowsHookEx
        PID:2680

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
    Filesize

    3KB

    MD5

    e957b1865727ebb2994fe03a21674f4e

    SHA1

    5533c8205c4ec490f6e8bdc94aaf9810bb07597e

    SHA256

    d8edab01d7f9a28acba63f25540e9ccc2fa4d178450be1df9a5880617b264e40

    SHA512

    5e64890d173c0280a13ad93f1734111eae2a50aba443dca2eb5a9ab3820886b6b9134104f1bde11b5556edc84fe32f12111a232e3b11a4b2fc4928b9300d24ed

    Download Submit