Analysis
-
max time kernel
119s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
-
submitted
08-06-2024 18:12
General
-
Target
http_spy.lua
-
Size
18KB
-
MD5
2cbdcc4d9db284b5b593a4c0991bba6e
-
SHA1
4c3b2f83b70ac05f5cd97057224d16e18048d2cf
-
SHA256
1e719a26f56bb686745db7020baa3075180879aab1141b0e8fa398170778affe
-
SHA512
927027cfb47fbc555ed48c0b6e0e8dd5c9f0f096a87474e91c21158d55c518de6bbff4b5ada0a5f22a2f619cd0230bcdde47c116fa930e9ca00b2c0827f8c05d
-
SSDEEP
384:ZkIF5uQgSQEEWhSQEyME1z5wEk23wEk2uwESskSwESskqps8A4ubuSul0w:ZTF5/QEEW8QEyME15wEk23wEk2uwESsb
Score
3/10
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 9 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\http_spy.lua1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\http_spy.lua2⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\http_spy.lua"3⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
3KB
MD5790e467ed66ebc212ca12c22a92176e7
SHA169a842f85789dc781c97de03d6d6116cec216ff8
SHA256f39bd9c813acca8a9d669d170ddfdd446605f94df55b4af0226f40b2933b2c42
SHA512b3c3efcaaf24c4f691dcd0aa350e65ce3d513f879d290a2980c80f1cb62db007666f24c15a0ab7716b2fa13a08c5c64226d6145e40d43b8d43812b1f97863fe4