Analysis
-
max time kernel
67s -
max time network
80s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system -
submitted
28/05/2024, 22:30
Static task
static1
Behavioral task
behavioral1
Sample
TradingView Desktop.zip
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
TradingView Desktop.zip
Resource
win10v2004-20240508-en
Behavioral task
behavioral3
Sample
TradingView_Desktop_(password_github).zip
Resource
win7-20240221-en
Behavioral task
behavioral4
Sample
TradingView_Desktop_(password_github).zip
Resource
win10v2004-20240508-en
Behavioral task
behavioral5
Sample
DAC/bin/SqlPackage.exe
Resource
win7-20240221-en
Behavioral task
behavioral6
Sample
DAC/bin/SqlPackage.exe
Resource
win10v2004-20240508-en
General
-
Target
TradingView Desktop.zip
-
Size
128.4MB
-
MD5
a2e8ff728b9c93bc1cb08127875b9318
-
SHA1
56af8f3eed580cb49ce854b93eecdfe2a31e2a63
-
SHA256
c56a5387bd2fe32262af0891d2bcddd6bd15dac5daa5b83e0967a79b5051b4ef
-
SHA512
be32f6e3214e54913b680da466a4a787b3526951b82135fc65724e25d31bdb6645a451428fc0843fd89ef5d4881110d849464ba744f4f60cee65431fa98a299a
-
SSDEEP
3145728:+GsUeBrO/Rd8kDluPsBHohAQUerLzbRVEt6SCQyUUzaCA:+GsbevluObQUerFVC6SC6b
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 3 IoCs
Processor information is often read in order to detect sandboxing environments.
description ioc Process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz WINWORD.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString WINWORD.EXE Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 WINWORD.EXE -
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily WINWORD.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU WINWORD.EXE Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS WINWORD.EXE -
Suspicious behavior: AddClipboardFormatListener 2 IoCs
pid Process 4756 WINWORD.EXE 4756 WINWORD.EXE -
Suspicious use of SetWindowsHookEx 7 IoCs
pid Process 4756 WINWORD.EXE 4756 WINWORD.EXE 4756 WINWORD.EXE 4756 WINWORD.EXE 4756 WINWORD.EXE 4756 WINWORD.EXE 4756 WINWORD.EXE
Processes
-
C:\Windows\Explorer.exeC:\Windows\Explorer.exe /idlist,,"C:\Users\Admin\AppData\Local\Temp\TradingView Desktop.zip"1⤵PID:3100
-
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Documents\Opened.docx" /o ""1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:4756
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵PID:1760
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
202B
MD5dd0c1d22223d8d0e4e271a25a6576eb5
SHA124db1209d718bd8eb443da6eec2ee28d39aaecd8
SHA256c5b636a315f8af0aac9068a2517dbb1fe136a77b9baefd12af102e65b28a13e2
SHA512fe7568b22218c10b268c115f2209ffa8282777e354a9ce0980857879c0364f005fb6af69627e95286a8229191d34e97479498986c657c6d4a394e54731653195