Analysis

  • max time kernel
    119s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags
    arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
  • submitted
    26/05/2024, 13:10

General

  • Target

    TikTokRizz/.vs/TikTokRizz/FileContentIndex/8819d140-dbb1-42f4-88e1-27502f877ffd.vsidx

  • Size

    14KB

  • MD5

    5307650342e8aa8c28b5e19b26cc72d9

  • SHA1

    cb660d94229ffde19c02f128856637cc2e6b20a9

  • SHA256

    d51d6199acf9cd8be3dfb535cda40eeb8188e48f4eb9fd325706c5bef80ba7c5

  • SHA512

    e61a2d24444e83313ad63aa28ff8debe9e8056605285e32238935be5f877c92ad86455635528509b80a136aa47f80057f38ff6dba263d1d5fe9d599a28104ab2

  • SSDEEP

    384:Odtieh9oW4VOP5zVPXQwIk6wI9ZUzn79AIJPXY7YnCTG8n5:K7oOPAwIsn7tJP+x5

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\TikTokRizz\.vs\TikTokRizz\FileContentIndex\8819d140-dbb1-42f4-88e1-27502f877ffd.vsidx
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2172
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\TikTokRizz\.vs\TikTokRizz\FileContentIndex\8819d140-dbb1-42f4-88e1-27502f877ffd.vsidx
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:1948
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\TikTokRizz\.vs\TikTokRizz\FileContentIndex\8819d140-dbb1-42f4-88e1-27502f877ffd.vsidx"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2652

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

    Filesize

    3KB

    MD5

    67b74ee8fd6851d54bfded9bfa28f73e

    SHA1

    65b0cb578f8da544b471b4a0f17ffe5de0177684

    SHA256

    15293e8d5d8f21b044dd0ac6c4af58fdbbeab5e30ca7bae921b88ce97de53a78

    SHA512

    1c6048bdb0e83eed4f7b9bc948cea6a5a20e1ddc24c63ca23c6a3390b8fbf3cf3980126816ae2ce06232fb8818666530aaa8d7ee69aac1b10d802e5759575557