Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
  • submitted
    08-06-2024 16:57

General

  • Target

    dll/uwpoff.bin

  • Size

    5KB

  • MD5

    f6bd9ca8a75d0e07cfd57177cf7bdab3

  • SHA1

    a876290038821ce7ae8d14e3db3286323f22caa7

  • SHA256

    6b1f4c2089b4086bdfd8b11e90721baffe74ddad2240c787e0245e49e93ac332

  • SHA512

    3b1521a404c47c795d2c960bc3edb5e91cc5e598da3c135c16d46b74dd59a0d3dd44c4dc3158f347489b283a7194bf100389cfeb87d8379e6fcc791705fbfb1a

  • SSDEEP

    48:SClA9KbxnWqU6o+MKd2kbcrzQUuPIKtcuMj18SYlt+gtXvsY9W2XApEdF0/JxNyV:nlAkbAeo+BcPNuMuLlhtX7ptv0/H9Cww

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\dll\uwpoff.bin
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3012
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\dll\uwpoff.bin
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2536
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\dll\uwpoff.bin"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2412

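The tree above is worth reading before any of the signatures: the sample was launched with `cmd /c <file>`, the `.bin` extension had no handler, so the shell raised its Open With dialog (`rundll32 shell32.dll,OpenAs_RunDLL`), and Adobe Reader then opened the file as a document. The "Modifies registry class" IoCs sit on that rundll32 process and the hook/foreground-window signatures on AcroRd32, not on any code from the sample, and nothing in the tree loads `uwpoff.bin` as a DLL despite its folder name. The following triage script is an added example, not part of the sandbox report: it re-encodes the process tree from this page as a constructed list, labels how each process consumed the sample path, and checks whether a given byte blob is a PE image (and a DLL) so the analyst knows what launcher a resubmission needs. The fake header bytes stand in for the real file, which is not on the page.

```python
"""Triage checks for a sandbox process tree like the one above.

Two questions come before any reading of the signatures: was the sample ever
run as code, and is it a PE image at all?  Added example, not the sandbox's
own code; the process tree and header bytes below are constructed.
"""
import re
import struct

# Process tree transcribed from the Processes section: (depth, command line),
# in pre-order, so a process's children follow it at depth + 1.
PROCESS_TREE = [
    (1, r'cmd /c C:\Users\Admin\AppData\Local\Temp\dll\uwpoff.bin'),
    (2, r'"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL '
        r'C:\Users\Admin\AppData\Local\Temp\dll\uwpoff.bin'),
    (3, r'"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" '
        r'"C:\Users\Admin\AppData\Local\Temp\dll\uwpoff.bin"'),
]
SAMPLE = r'C:\Users\Admin\AppData\Local\Temp\dll\uwpoff.bin'

OPENAS = re.compile(r'shell32\.dll\s*,\s*OpenAs_RunDLL', re.IGNORECASE)
LOADERS = {'rundll32.exe', 'regsvr32.exe'}  # hosts that load a DLL sample as code
IMAGE_FILE_DLL = 0x2000                      # IMAGE_FILE_HEADER.Characteristics bit


def image_name(cmdline):
    """Basename of the executable token of a command line; 'cmd' becomes 'cmd.exe'."""
    m = re.match(r'\s*(?:"([^"]+)"|(\S+))', cmdline)
    exe = (m.group(1) or m.group(2)).replace('/', '\\').rsplit('\\', 1)[-1].lower()
    return exe if exe.endswith('.exe') else exe + '.exe'


def classify_execution(tree, sample_path):
    """Label every process whose command line names the sample.

    'argument'      - the path is merely an argument (cmd /c <file>)
    'openas-dialog' - the shell's Open With dialog (shell32!OpenAs_RunDLL)
    'document'      - a descendant of that dialog opened the file as a document
    'code'          - rundll32/regsvr32 loading the sample itself
    """
    verdicts = []
    openas_depth = None
    for depth, cmdline in tree:
        if openas_depth is not None and depth <= openas_depth:
            openas_depth = None  # left the Open With subtree
        if sample_path.lower() not in cmdline.lower():
            continue
        exe = image_name(cmdline)
        if OPENAS.search(cmdline):
            openas_depth = depth
            verdict = 'openas-dialog'
        elif openas_depth is not None and depth > openas_depth:
            verdict = 'document'
        elif exe in LOADERS:
            verdict = 'code'
        else:
            verdict = 'argument'
        verdicts.append((exe, verdict))
    return verdicts


def ran_as_code(tree, sample_path):
    """True only if some process actually loaded the sample (not the Open With path)."""
    return any(v == 'code' for _, v in classify_execution(tree, sample_path))


def classify_image(data):
    """'pe-dll', 'pe-exe' or 'not-pe' from the DOS/PE headers; never executes anything."""
    if len(data) < 0x40 or data[:2] != b'MZ':
        return 'not-pe'
    e_lfanew = struct.unpack_from('<I', data, 0x3C)[0]
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b'PE\0\0':
        return 'not-pe'
    # IMAGE_FILE_HEADER follows the 4-byte signature; Characteristics is its last WORD.
    characteristics = struct.unpack_from('<H', data, e_lfanew + 22)[0]
    return 'pe-dll' if characteristics & IMAGE_FILE_DLL else 'pe-exe'


def suggested_launch(kind, path):
    """How to resubmit so the sandbox runs the sample instead of the Open With dialog."""
    return {
        'pe-dll': f'rundll32.exe "{path}",#1   (or regsvr32 /s "{path}")',
        'pe-exe': f'"{path}"',
    }.get(kind, 'not a PE image: identify the real format before choosing a launcher')


def fake_pe_header(characteristics):
    """Constructed minimal MZ/PE header (not a loadable image) for exercising classify_image."""
    hdr = bytearray(0x40)
    hdr[:2] = b'MZ'
    struct.pack_into('<I', hdr, 0x3C, 0x40)  # e_lfanew
    file_header = struct.pack('<HHIIIHH', 0x8664, 1, 0, 0, 0, 0, characteristics)
    return bytes(hdr) + b'PE\0\0' + file_header


if __name__ == '__main__':
    for exe, verdict in classify_execution(PROCESS_TREE, SAMPLE):
        print(f'{exe:14} {verdict}')
    print('sample executed as code:', ran_as_code(PROCESS_TREE, SAMPLE))
    for blob in (fake_pe_header(0x2022), b'\x00' * 5120):  # constructed stand-ins
        kind = classify_image(blob)
        print(kind, '->', suggested_launch(kind, SAMPLE))
```

On this report the classifier yields argument / openas-dialog / document and no 'code' entry, which is the practical reading of the 3/10 score: the run exercised Windows' Open With handling and Reader's startup, not the sample. Resubmitting with the launcher `suggested_launch` prints for the file's real type is the next step.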
Network

MITRE ATT&CK Matrix ATT&CK v13

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
    Filesize

    3KB

    MD5

    0424622db71ebbee56bfc90bd411be9f

    SHA1

    9a76e37906c193a81580b4573af185c51b9368b6

    SHA256

    5351db0fb5fb93a38740873ae6f12691f6078ef268381161eca86f8033cf29c6

    SHA512

    8913149a7e654573b5c3d7c3539619611d00bd44889b7cc6478b3f68257de9d5a4b80e6733759c313fa29859fb2c4308195b4b5b10e565baea862f91b258e962