Analysis

  • max time kernel
    102s
  • max time network
    34s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system
  • submitted
    24-05-2024 08:09

General

  • Target

    RJ01082861-PC/snapshot_blob.bin

  • Size

    1.1MB

  • MD5

    175d01b0d8f417760f6a85ae0d1981bf

  • SHA1

    7374a51485ea363e747007265c8f70bfcd6bab96

  • SHA256

    4df77f0eb8a8b842a87ba8e7377a86054b444d9ef59ec6c7d111803e3ed61030

  • SHA512

    fef726d0d6efd5226d3149f39e65b9757b9640761488a5ddc3588f239d3aa69799c7bdb4d9aea9b7c12ef86ce421fcda8a58e3e3b4b155a84d781b1197cafe75

  • SSDEEP

    12288:mbzjFh0s0Z4YY1JOfFxrLiQZfjPzs5Qs7OQdpCLUmIjPhRVIEIwMsTheB/IfsiQp:mbzH0I6+QZfLzs5QWO4Dm2hZI8hevf5

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\RJ01082861-PC\snapshot_blob.bin
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1952
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\RJ01082861-PC\snapshot_blob.bin
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2540
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\RJ01082861-PC\snapshot_blob.bin"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2696
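The process tree is the most useful part of this report. `cmd /c <file>.bin` found no handler registered for the `.bin` extension, so the shell fell through to the "Open With" dialog (`rundll32.exe shell32.dll,OpenAs_RunDLL`), and the sandbox's auto-clicker handed the file to Adobe Reader. Every signature listed above belongs to that chain (cmd, the dialog, AcroRd32.exe), not to any code inside `snapshot_blob.bin`, which is why the score is low and why the run says little about the file itself. The following script is an added example (not part of the sandbox report or of any vendor tooling) that parses process entries in the report's own layout, detects the OpenAs_RunDLL fall-through, and buckets the signatures by the stage that raised them; the row tuples, the `EXECUTABLE_EXTS` list and the second, direct-run sample are constructed for illustration.

```python
"""Triage helper: flag sandbox runs where the sample was detonated through the
Windows "Open With" dialog (shell32.dll,OpenAs_RunDLL) instead of a real file-type
handler, and attribute reported signatures to the process stage that raised them.
Added example; not part of the sandbox report."""
import ntpath
import re
from dataclasses import dataclass, field
from typing import List, Optional

# shell32!OpenAs_RunDLL receives the path of the file that had no association.
OPENAS_RE = re.compile(r"shell32\.dll,\s*OpenAs_RunDLL\s+(.+?)\s*$", re.IGNORECASE)
# Extensions the shell runs directly; anything else needs an associated handler.
# Assumed list for illustration, not a complete enumeration of Windows behaviour.
EXECUTABLE_EXTS = {".exe", ".com", ".scr", ".bat", ".cmd", ".ps1", ".vbs",
                   ".js", ".dll", ".msi", ".hta"}

# Process rows copied from the report's tree: (depth from the N⤵ marker, PID,
# command line, signatures raised by that process).
REPORT_ROWS = [
    (1, 1952, r'cmd /c C:\Users\Admin\AppData\Local\Temp\RJ01082861-PC\snapshot_blob.bin',
     ["Suspicious use of WriteProcessMemory"]),
    (2, 2540, r'"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL '
              r'C:\Users\Admin\AppData\Local\Temp\RJ01082861-PC\snapshot_blob.bin',
     ["Modifies registry class", "Suspicious use of WriteProcessMemory"]),
    (3, 2696, r'"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" '
              r'"C:\Users\Admin\AppData\Local\Temp\RJ01082861-PC\snapshot_blob.bin"',
     ["Suspicious behavior: GetForegroundWindowSpam", "Suspicious use of SetWindowsHookEx"]),
]
# Constructed negative case: a sample with a registered handler, run directly.
DIRECT_RUN_ROWS = [
    (1, 100, r'"C:\Users\Admin\AppData\Local\Temp\sample.exe"',
     ["Suspicious use of WriteProcessMemory"]),
]


@dataclass
class Proc:
    depth: int
    pid: int
    cmdline: str
    signatures: List[str]
    parent: Optional["Proc"] = None
    children: List["Proc"] = field(default_factory=list)

    @property
    def image(self) -> str:
        """Lower-cased base name of the image from the first (possibly quoted) token."""
        m = re.match(r'"([^"]+)"|(\S+)', self.cmdline.strip())
        return ntpath.basename(m.group(1) or m.group(2)).lower()


def build_tree(rows) -> List[Proc]:
    """Rebuild parent/child links from report order and the depth markers."""
    procs: List[Proc] = []
    stack: List[Proc] = []
    for depth, pid, cmdline, sigs in rows:
        p = Proc(depth, pid, cmdline, list(sigs))
        while stack and stack[-1].depth >= depth:
            stack.pop()
        if stack:
            p.parent = stack[-1]
            stack[-1].children.append(p)
        stack.append(p)
        procs.append(p)
    return procs


def triage(rows) -> dict:
    """Detect an Open With fall-through and bucket signatures by launcher/dialog/helper."""
    result = {"open_with_dialog": False, "sample": None, "directly_executable": None,
              "helper_app": None,
              "signatures_by_stage": {"launcher": [], "dialog": [], "helper": []},
              "verdict": "sample ran under its own handler; signatures are attributable to it"}
    for p in build_tree(rows):
        if p.image != "rundll32.exe":
            continue
        m = OPENAS_RE.search(p.cmdline)
        if not m:
            continue
        sample = m.group(1).strip().strip('"')
        ext = ntpath.splitext(sample)[1].lower()
        stages = result["signatures_by_stage"]
        stages["dialog"] = list(p.signatures)            # rundll32 (the dialog itself)
        if p.parent:
            stages["launcher"] = list(p.parent.signatures)  # cmd that invoked the file
        for child in p.children:                          # viewer the dialog started
            if sample.lower() in child.cmdline.lower():
                result["helper_app"] = child.image
                stages["helper"] = list(child.signatures)
        result.update(
            open_with_dialog=True, sample=sample,
            directly_executable=ext in EXECUTABLE_EXTS,
            verdict=(f"no handler for '{ext or '(none)'}'; the sandbox chose "
                     f"{result['helper_app'] or 'nothing'} via the Open With dialog, so the "
                     "behaviour belongs to cmd, rundll32 and that viewer, not to the sample's "
                     "own code; re-submit under the intended handler before trusting the score"))
        break
    return result


if __name__ == "__main__":
    import json
    print(json.dumps(triage(REPORT_ROWS), indent=2))
    print(json.dumps(triage(DIRECT_RUN_ROWS), indent=2))
```

Running it on the report's rows yields `open_with_dialog: true`, `helper_app: acrord32.exe`, and the two AcroRd32 signatures in the `helper` bucket; the constructed direct-run rows come back with no dialog detected. The same check is worth running on any report whose score rests on hooks or window-spam signatures raised by a viewer process, since those are the viewer's normal behaviour rather than evidence about the submitted file.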

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

    Filesize

    3KB

    MD5

    2af3ecfc3934d8f50dbdc111bb180308

    SHA1

    d2912a917c5c933e243da6d1d80e5ab7c3023591

    SHA256

    32cba84f98424e5ab2cc3359e4bd5a6dd7640492e2c826523e8f8b04aabaecbf

    SHA512

    2e42bef8e803da7036f1f792fb3c91c210af0089a720709399b1ac0a4ec58cdb6e69904b0a7ca9f62c64bc4099e2a0869b12fb978f9cc8f9be228cb9cbed6049