Overview

overview

1

Static

static

1

TradingVie...op.zip

windows7-x64

1

TradingVie...op.zip

windows10-2004-x64

1

TradingVie...b).zip

windows7-x64

1

TradingVie...b).zip

windows10-2004-x64

1

DAC/bin/Sq...ge.exe

windows7-x64

DAC/bin/Sq...ge.exe

windows10-2004-x64

Analysis

  • max time kernel
    67s
  • max time network
    80s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28/05/2024, 22:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    TradingView Desktop.zip

  • Size

    128.4MB

  • MD5

    a2e8ff728b9c93bc1cb08127875b9318

  • SHA1

    56af8f3eed580cb49ce854b93eecdfe2a31e2a63

  • SHA256

    c56a5387bd2fe32262af0891d2bcddd6bd15dac5daa5b83e0967a79b5051b4ef

  • SHA512

    be32f6e3214e54913b680da466a4a787b3526951b82135fc65724e25d31bdb6645a451428fc0843fd89ef5d4881110d849464ba744f4f60cee65431fa98a299a

  • SSDEEP

    3145728:+GsUeBrO/Rd8kDluPsBHohAQUerLzbRVEt6SCQyUUzaCA:+GsbevluObQUerFVC6SC6b

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: AddClipboardFormatListener 2 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs

Processes

  • C:\Windows\Explorer.exe
    C:\Windows\Explorer.exe /idlist,,"C:\Users\Admin\AppData\Local\Temp\TradingView Desktop.zip"
    1⤵
      PID:3100
    • C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
      "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Documents\Opened.docx" /o ""
      1⤵
      • Checks processor information in registry
      • Enumerates system info in registry
      • Suspicious behavior: AddClipboardFormatListener
      • Suspicious use of SetWindowsHookEx
      PID:4756
    • C:\Windows\System32\rundll32.exe
      C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
      1⤵
        PID:1760

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat
        Filesize

        202B

        MD5

        dd0c1d22223d8d0e4e271a25a6576eb5

        SHA1

        24db1209d718bd8eb443da6eec2ee28d39aaecd8

        SHA256

        c5b636a315f8af0aac9068a2517dbb1fe136a77b9baefd12af102e65b28a13e2

        SHA512

        fe7568b22218c10b268c115f2209ffa8282777e354a9ce0980857879c0364f005fb6af69627e95286a8229191d34e97479498986c657c6d4a394e54731653195

        Download Submit

      • memory/4756-12-0x00007FF9F3630000-0x00007FF9F3825000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/4756-63-0x00007FF9B36B0000-0x00007FF9B36C0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4756-3-0x00007FF9B36B0000-0x00007FF9B36C0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4756-4-0x00007FF9B36B0000-0x00007FF9B36C0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4756-5-0x00007FF9F36CD000-0x00007FF9F36CE000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4756-6-0x00007FF9F3630000-0x00007FF9F3825000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/4756-8-0x00007FF9F3630000-0x00007FF9F3825000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/4756-9-0x00007FF9F3630000-0x00007FF9F3825000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/4756-7-0x00007FF9F3630000-0x00007FF9F3825000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/4756-11-0x00007FF9F3630000-0x00007FF9F3825000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/4756-10-0x00007FF9F3630000-0x00007FF9F3825000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/4756-0-0x00007FF9B36B0000-0x00007FF9B36C0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4756-1-0x00007FF9B36B0000-0x00007FF9B36C0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4756-15-0x00007FF9B0E30000-0x00007FF9B0E40000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4756-14-0x00007FF9F3630000-0x00007FF9F3825000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/4756-16-0x00007FF9F3630000-0x00007FF9F3825000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/4756-17-0x00007FF9F3630000-0x00007FF9F3825000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/4756-18-0x00007FF9F3630000-0x00007FF9F3825000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/4756-19-0x00007FF9B0E30000-0x00007FF9B0E40000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4756-2-0x00007FF9B36B0000-0x00007FF9B36C0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4756-60-0x00007FF9B36B0000-0x00007FF9B36C0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4756-13-0x00007FF9F3630000-0x00007FF9F3825000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/4756-62-0x00007FF9B36B0000-0x00007FF9B36C0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4756-61-0x00007FF9B36B0000-0x00007FF9B36C0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4756-64-0x00007FF9F3630000-0x00007FF9F3825000-memory.dmp

        Filesize

        2.0MB

        Download