Analysis

  • max time kernel
    98s
  • max time network
    110s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240508-en
  • resource tags
    arch:x64, arch:x86, image:win11-20240508-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    15-06-2024 14:27

General

  • Target

    Malaka_Executor_V4.2.rar

  • Size

    5.5MB

  • MD5

    35908c77fa65cc75b0af7a15bb2cd977

  • SHA1

    1559571339163b1481122bac7cbc81e3858fcc29

  • SHA256

    2f78e9f4886465f1abd7e6d24781ee927a8691639d51d77388a43d465c5291a3

  • SHA512

    b88dd77e10979e1aa911a51dd25a7778323deeb94e342810979ab17287933f032b708420b7be261c4fcd43a3e6a52c6904ade422c874f5a8a6e8244c5965a3a4

  • SSDEEP

    98304:mElZjVmZUwo6HMB0yg4pomwKM8j+qMHCqo7uZwnOzvVwQvi6ovxq12gS7Oas89oj:RZjAmmHMGyg4poOMLI7nwiQva5q12gl5

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 2 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  • Suspicious use of FindShellTrayWindow 16 IoCs
  • Suspicious use of SendNotifyMessage 15 IoCs
  • Suspicious use of SetWindowsHookEx 32 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\Malaka_Executor_V4.2.rar
    1⤵
    • Modifies registry class
    PID:792
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1208
    • C:\Program Files\VideoLAN\VLC\vlc.exe
      "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\Malaka_Executor_V4.2.rar"
      2⤵
      • Suspicious behavior: AddClipboardFormatListener
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      PID:4284

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini
    Filesize

    97B

    MD5

    7fa148995311365735f6833f7c2ece08

    SHA1

    aa5b41b83798245a6cbdf07030baf5a2f6c19786

    SHA256

    494cc65065d6e4e0faf7590319aab632c9920918001da72234203c8249be068b

    SHA512

    397a3ddd255bbe14932a0370fc8366dc70ea4376fffc65a8f7339b1b4559347219c0c4e29c4fa31b3ea8d0a17aee1852993054d2e2745b79b6b1f4e823fe65f8

  • memory/4284-24-0x00007FFB84C40000-0x00007FFB84C74000-memory.dmp
    Filesize

    208KB

  • memory/4284-23-0x00007FF69FCF0000-0x00007FF69FDE8000-memory.dmp
    Filesize

    992KB

  • memory/4284-25-0x00007FFB72D80000-0x00007FFB73036000-memory.dmp
    Filesize

    2.7MB

  • memory/4284-26-0x00007FFB71AA0000-0x00007FFB72B50000-memory.dmp
    Filesize

    16.7MB