Resubmissions

21/01/2025, 08:24 UTC

250121-ka7wnavmhr 10

12/06/2024, 04:32 UTC

240612-e6ft6a1cmr 10

Analysis

  • max time kernel
    121s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    12/06/2024, 04:32 UTC

General

  • Target

    MultiHack v1.7/jvm.cfg

  • Size

    4KB

  • MD5

    e9da54c707da4e8ab2306b9f7c5f30ae

  • SHA1

    f229561832df50b9b2bbea74c7234423d9e0a61f

  • SHA256

    76c6dedcc8f51e80c08b8bead23af8168ffa0de26c57e546cefff2f4cf318bcb

  • SHA512

    d1be773d908e4eb1cdb34a3d4b9a4b2c179026711893f81cbbbeb0571388f5d44b0ade12c351e4f81439a7afd5dbfe1445d1bdd142c4c31ccf4d1ddb6ad45931

  • SSDEEP

    96:si28cXGJMpOMRVF4U6Awknpwuwjv3EgYWb8hsqWPMWMrEWBnKvTgWTWekqP3sA7L:pch/K

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\MultiHack v1.7\jvm.cfg"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2824
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\MultiHack v1.7\jvm.cfg
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2660
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\MultiHack v1.7\jvm.cfg"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2524

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

    Filesize

    3KB

    MD5

    d283dcf27c61998e83a69b1f623b664e

    SHA1

    1089cc8048f6543e0021f9ffe2755208071043b5

    SHA256

    82ea58d5cf09b8c39bcb6699737dbd8856265c772a8ec15888a936818f1c8901

    SHA512

    8e1c628ff280b8bce71f3aff683f59a646a0b94cda49f81e131c512cc617a60d9ac5c0fda3c2f8251746085b880dd922b9d1659ff87625a952edadc412137576
