Overview

overview

10

Static

static

1

Data2.zip

windows7-x64

1

Data2.zip

windows10-2004-x64

1

hv.exe

windows7-x64

5

hv.exe

windows10-2004-x64

10

iepdf32.dll

windows7-x64

3

iepdf32.dll

windows10-2004-x64

3

rhombohedron.ai

windows7-x64

3

rhombohedron.ai

windows10-2004-x64

3

shovelnose.deb

windows7-x64

3

shovelnose.deb

windows10-2004-x64

3

Analysis

  • max time kernel
    120s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    12-06-2024 06:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    rhombohedron.ai

  • Size

    59KB

  • MD5

    674dfd74a1bef081bf0da83f893138e5

  • SHA1

    2a254cc02fea4c55bbc3133b99a9e2fd03082ae7

  • SHA256

    67ff95298e395543ea0c9eeec6bfff81688df379bec578aa31c52d214b385180

  • SHA512

    0b2bfbe287a037d46d881a00638a3c272197cf3537bc74169c07c7721cda2bf94927268bfd6cb965ad56e1ac98e3466d809cbc67f2e4d971dd0d7da9568a4cce

  • SSDEEP

    768:mw3MXcFaDu4TOhFy3e+BYNuBBwsVMOTeKL7WSX2VZ4kEIs18Ai9my:tkgaDXOhFm/YGBwi57DEdV9my

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\rhombohedron.ai
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1924
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\rhombohedron.ai
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2616
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\rhombohedron.ai"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2776

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
    Filesize

    3KB

    MD5

    4d944bda86d1726bf675e0d0212423c5

    SHA1

    b3168b93061e7e4a812403b65ab673afbc3cb7d7

    SHA256

    2103d883f689145867b3e8c8315e74023bcd2a0c4e6f9390e0c5a65b471144d0

    SHA512

    c2426244cbd0ae30b29c1b50e09386b5ee879b29fed0e2ac44dd686456d22ba2ba39ed3ab81619d3efa00e4aebc4d6915bacb2ee466ec12fe18035c666ca68ad

    Download Submit