Overview

overview

3

Static

static

1

System Vol...ps.zip

windows7-x64

1

System Vol...ps.zip

windows10-2004-x64

1

System Vol...3.pcap

windows7-x64

3

System Vol...3.pcap

windows10-2004-x64

3

System Vol...f.pcap

windows7-x64

3

System Vol...f.pcap

windows10-2004-x64

3

System Vol...f.pcap

windows7-x64

3

System Vol...f.pcap

windows10-2004-x64

3

Analysis

  • max time kernel
    39s
  • max time network
    17s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    22-05-2024 19:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    System Voleume Information pcaps/d85b28a3-e428-427f-9728-3e39f7aa2fdf.pcap

  • Size

    11.1MB

  • MD5

    bd927203defde0842981678259a9520c

  • SHA1

    b66718fcad76d585648354a8b98373dd65c26130

  • SHA256

    6c22e38abbf5424eb8f7651f0d1a33e4c03c53a94f09b8f6534282ac3efcf3d6

  • SHA512

    1ba33b118c27aa117606c574b4ca423727bbce7a8f1862456866d8dd3a78f1009436f83f369b121a8c98ceba8a6eaa81c91bc3efdc573e3094b77aa180c76382

  • SSDEEP

    196608:mVvbg8fEmUoOsLX/8MyHf3CZn4i6yEZjrtDCRe9XRogeARYwwXPARszpFteSdF/B:m9ghmAsLPPKqm9HHv9ygekYV1dFteSDB

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\System Voleume Information pcaps\d85b28a3-e428-427f-9728-3e39f7aa2fdf.pcap"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2020
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\System Voleume Information pcaps\d85b28a3-e428-427f-9728-3e39f7aa2fdf.pcap
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2660
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\System Voleume Information pcaps\d85b28a3-e428-427f-9728-3e39f7aa2fdf.pcap"
        3⤵
        • Suspicious use of SetWindowsHookEx
        PID:2652

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
    Filesize

    3KB

    MD5

    b41c50f4bb0b43819c4ac8ecbdc0dfb5

    SHA1

    01706eb2ff341c5353f431026aae82c414aa1712

    SHA256

    9a3ad2d682a757bac2ed9186977c6030b085df8ee4a2a4ea50a74773c91b8b2c

    SHA512

    341683eecfd9d6c3da9c38d634848cbf6748bce145e96737ccf50d855aaa60cc6f1addb308a9de19878b3e5419f79f028b5d56faff61837a67be644214fb12de

    Download Submit