Overview

overview

3

Static

static

3

New Compre...er.zip

windows7-x64

1

New Compre...er.zip

windows10-2004-x64

1

net8.0/JObject.dll

windows7-x64

1

net8.0/JObject.dll

windows10-2004-x64

1

net8.0/New...on.dll

windows7-x64

1

net8.0/New...on.dll

windows10-2004-x64

1

net8.0/Spo...s.json

windows7-x64

3

net8.0/Spo...s.json

windows10-2004-x64

3

net8.0/Spo...se.exe

windows7-x64

1

net8.0/Spo...se.exe

windows10-2004-x64

1

net8.0/Spo...se.exe

windows7-x64

1

net8.0/Spo...se.exe

windows10-2004-x64

1

net8.0/Spo...se.pdb

windows7-x64

3

net8.0/Spo...se.pdb

windows10-2004-x64

3

net8.0/Spo...g.json

windows7-x64

3

net8.0/Spo...g.json

windows10-2004-x64

3

Analysis

  • max time kernel
    122s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    07/06/2024, 10:25 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    net8.0/Spoofer Base.runtimeconfig.json

  • Size

    340B

  • MD5

    253333997e82f7d44ea8072dfae6db39

  • SHA1

    03b9744e89327431a619505a7c72fd497783d884

  • SHA256

    28329cf08f6505e73806b17558b187c02f0c1c516fe47ebfb7a013d082aaa306

  • SHA512

    56d99039e0fb6305588e9f87361e7e0d5051507bf321ba36619c4d29741f35c27c62f025a52523c9e1c7287aabf1533444330a8cdf840fa5af0fa2241fcb4fc2

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\net8.0\Spoofer Base.runtimeconfig.json"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3040
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\net8.0\Spoofer Base.runtimeconfig.json
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2256
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\net8.0\Spoofer Base.runtimeconfig.json"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2636

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
    Filesize

    3KB

    MD5

    0d162b85a15522e1b4a5b718d7b197c8

    SHA1

    d7c15a564165665e9bc107397d06a93f3aa2557f

    SHA256

    e911ec1866f964dc94c6fcd6c6aa1a098c53ac10726da8d1b2ef53256937b34c

    SHA512

    e58b7aed1875f698359a7d82ec930d87edbc4528057f3fe65464bb6b0a11e05c322d11892ea05472f00567263e461efb17946e20694f07b57c399812ce19dbb5

    Download Submit

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.