Resubmissions
14/06/2024, 01:02
Analysis: 240614-bdv7layeme (3)
- max time kernel: 23s
- platform: windows11-21h2_x64
- resource: win11-20240419-en
- resource tags: arch:x64, arch:x86, image:win11-20240419-en, locale:en-us, os:windows11-21h2-x64, system
- submitted: 14/06/2024, 01:02
Tasks
- Static task static1
- Behavioral task behavioral1: sample releaseBFH.rar, resource win11-20240611-en
- Behavioral task behavioral2: sample BFHSoft.rar, resource win11-20240419-en
- Behavioral task behavioral3: sample READ.txt, resource win11-20240508-en
General
- Target: BFHSoft.rar
- Size: 4.5MB
- MD5: 2797bd9d0679a4dbf1a7b2882cc7dbb6
- SHA1: e374d9fdb3bc56c09ec6c7b9879859f4f3b72662
- SHA256: 1156df9560851f8fa8bd9b0efafb76babfe9e77cf8ce5d7693421dd57391d991
- SHA512: 6533999b0d6168df92fefbc37b012a395da9e1b25c12bb8b9f15297e0ebea5bf43c6b3d0629c3e870754df153b0ad36d775819a8adb16a74336ea3f86d20f41f
- SSDEEP: 98304:qCEe7EVeSmZMbU5f8Bl9Dsu7Lel3zCKOxr5g4PAaArVJF3:qCEe7ZGblBexzg1PAaArVf
Malware Config
Signatures
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).
- Modifies registry class (2 IoCs)
  description    ioc                                                                                            Process
  Key created    \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings          cmd.exe
  Key created    \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings          OpenWith.exe
- Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
  pid     Process
  2256    OpenWith.exe
- Suspicious use of SetWindowsHookEx (21 IoCs)
  pid     Process
  2256    OpenWith.exe (21 identical entries)
Processes
- C:\Windows\system32\cmd.exe (process tree level 1)
  Command line: cmd /c C:\Users\Admin\AppData\Local\Temp\BFHSoft.rar
  Signatures:
  - Modifies registry class
  PID: 4936
- C:\Windows\system32\OpenWith.exe (process tree level 1)
  Command line: C:\Windows\system32\OpenWith.exe -Embedding
  Signatures:
  - Modifies registry class
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID: 2256