Overview

overview

8

Static

static

1

Cert.zip

windows7-x64

1

Cert.zip

windows10-2004-x64

1

.bash_history

windows7-x64

3

.bash_history

windows10-2004-x64

3

.bash_logout

windows7-x64

3

.bash_logout

windows10-2004-x64

3

.bashrc

windows7-x64

3

.bashrc

windows10-2004-x64

3

.profile

windows7-x64

3

.profile

windows10-2004-x64

3

AAA Certif...es.crt

windows7-x64

1

AAA Certif...es.crt

windows10-2004-x64

1

AC RAIZ FN...OS.crt

windows7-x64

1

AC RAIZ FN...OS.crt

windows10-2004-x64

1

AC RAIZ FNMT-RCM.crt

windows7-x64

1

AC RAIZ FNMT-RCM.crt

windows10-2004-x64

1

ACCVRAIZ1.crt

windows7-x64

8

ACCVRAIZ1.crt

windows10-2004-x64

1

ANF Secure...CA.crt

windows7-x64

1

ANF Secure...CA.crt

windows10-2004-x64

1

Actalis Au...CA.crt

windows7-x64

1

Actalis Au...CA.crt

windows10-2004-x64

1

AffirmTrus...al.crt

windows7-x64

1

AffirmTrus...al.crt

windows10-2004-x64

1

AffirmTrus...ng.crt

windows7-x64

1

AffirmTrus...ng.crt

windows10-2004-x64

1

AffirmTrus...CC.crt

windows7-x64

1

AffirmTrus...CC.crt

windows10-2004-x64

1

AffirmTrus...um.crt

windows7-x64

1

AffirmTrus...um.crt

windows10-2004-x64

1

Amazon Root CA 1.crt

windows7-x64

1

Amazon Root CA 1.crt

windows10-2004-x64

1

Resubmissions

17-06-2024 07:23

240617-h73bbszepa 8

17-06-2024 07:20

240617-h53t3stfmj 1

17-06-2024 07:17

240617-h4dhsszdkg 8

17-06-2024 06:22

240617-g49essyaqa 8

Analysis

  • max time kernel
    18s
  • max time network
    17s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    17-06-2024 06:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    .bash_history

  • Size

    30B

  • MD5

    cd41a63f10a40680b3f60d5fc67af9db

  • SHA1

    2aee20db5e38cbad53d26001025604dcb7643cf3

  • SHA256

    7032a698c8561c88a6413cfdf4ee82994424f0bb78516b9c75972ee96890c354

  • SHA512

    60b575fa7b76f05dd096f163c5b645abcd9b64bf961dbd73e6a81f38506ef1b39935dd3e4e16947d30d4c2ec2e5c2f4c50b90e8393dc30b7ed0ed731f20c7bff

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\.bash_history
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2340
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\.bash_history
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2512
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\.bash_history"
        3⤵
        • Suspicious use of SetWindowsHookEx
        PID:2536

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
    Filesize

    3KB

    MD5

    5ad888ba21b02d657e02491ed1c02c3e

    SHA1

    70b96f01ae2a4435f2ab0dac7ccc90505e868c05

    SHA256

    495c854de1e34f386606a8d758fb15097d5670dc0dcf7d2b94aeb29b1c6fc2f6

    SHA512

    153ea6dc269360b1466cd5aa33377041899195d8d7bb3f41374ebe2d7e1a89cacd25852725ff494edc27e2f1e1abc82ecd4fe1434bf7c5db9b178bf86191e05b

    Download Submit