Overview

overview

7

Static

static

3

autoexecute/test.txt

windows7-x64

1

autoexecute/test.txt

windows10-2004-x64

1

bin/api-docs.json

windows7-x64

3

bin/api-docs.json

windows10-2004-x64

3

bin/incogn...au.dll

windows7-x64

1

bin/incogn...au.dll

windows10-2004-x64

1

bin/save.json

windows7-x64

3

bin/save.json

windows10-2004-x64

3

main.exe

windows7-x64

7

main.exe

windows10-2004-x64

7

scripts/test.lua

windows7-x64

3

scripts/test.lua

windows10-2004-x64

3

workspace/...le.txt

windows7-x64

1

workspace/...le.txt

windows10-2004-x64

1

workspace/...et.txt

windows7-x64

1

workspace/...et.txt

windows10-2004-x64

1

workspace/...le.txt

windows7-x64

1

workspace/...le.txt

windows10-2004-x64

1

workspace/..._1.txt

windows7-x64

1

workspace/..._1.txt

windows10-2004-x64

1

workspace/..._2.txt

windows7-x64

1

workspace/..._2.txt

windows10-2004-x64

1

workspace/...le.txt

windows7-x64

1

workspace/...le.txt

windows10-2004-x64

1

workspace/...le.txt

windows7-x64

1

workspace/...le.txt

windows10-2004-x64

1

workspace/...tefile

windows7-x64

1

workspace/...tefile

windows10-2004-x64

1

workspace/...le.txt

windows7-x64

1

workspace/...le.txt

windows10-2004-x64

1

workspace/...est.js

windows7-x64

3

workspace/...est.js

windows10-2004-x64

3

Analysis

  • max time kernel
    119s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240419-en
  • resource tags

    arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
  • submitted
    24-05-2024 02:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bin/save.json

  • Size

    46B

  • MD5

    877b13372acbf8bf740694d141d1aeb0

  • SHA1

    0c764bef8a7c94ef610c129720d3d3d9a66fea3f

  • SHA256

    1bc3e6bcf3d47756fe6e456ce68165d39ea8358186d1a9bb4b2e5911389b22c1

  • SHA512

    38a6a7e7bf9572daeabbafb7bb1868d09f9b487e84e17da263f627315623952ab203c8dc5e940b6d59d15183bdd43d153a08ae421f12d085480e73fcbc3b5b82

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\bin\save.json
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2944
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\bin\save.json
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2688
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\bin\save.json"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2628

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
    Filesize

    3KB

    MD5

    58f56b17ea81867fb8181e75fb8702fd

    SHA1

    5fa9947c9917fe3abc91e4924ca6886acf407efd

    SHA256

    901efac22319527b56c09bce1839ab79b7e5988d5306c558c9592450255d0b00

    SHA512

    c00c143ce28911404dfaf562b2160a3e64a9549312f3acec9569d545bca1d9ffce6420868ce2b9d8e9054f8fd9f4316dda6b4d2fefca96d572662c333b613ada

    Download Submit