Overview

overview

8

Static

static

1

Cert.zip

windows7-x64

1

Cert.zip

windows10-2004-x64

1

.bash_history

windows7-x64

3

.bash_history

windows10-2004-x64

3

.bash_logout

windows7-x64

3

.bash_logout

windows10-2004-x64

3

.bashrc

windows7-x64

3

.bashrc

windows10-2004-x64

3

.profile

windows7-x64

3

.profile

windows10-2004-x64

3

AAA Certif...es.crt

windows7-x64

1

AAA Certif...es.crt

windows10-2004-x64

1

AC RAIZ FN...OS.crt

windows7-x64

1

AC RAIZ FN...OS.crt

windows10-2004-x64

1

AC RAIZ FNMT-RCM.crt

windows7-x64

1

AC RAIZ FNMT-RCM.crt

windows10-2004-x64

1

ACCVRAIZ1.crt

windows7-x64

8

ACCVRAIZ1.crt

windows10-2004-x64

1

ANF Secure...CA.crt

windows7-x64

1

ANF Secure...CA.crt

windows10-2004-x64

1

Actalis Au...CA.crt

windows7-x64

1

Actalis Au...CA.crt

windows10-2004-x64

1

AffirmTrus...al.crt

windows7-x64

1

AffirmTrus...al.crt

windows10-2004-x64

1

AffirmTrus...ng.crt

windows7-x64

1

AffirmTrus...ng.crt

windows10-2004-x64

1

AffirmTrus...CC.crt

windows7-x64

1

AffirmTrus...CC.crt

windows10-2004-x64

1

AffirmTrus...um.crt

windows7-x64

1

AffirmTrus...um.crt

windows10-2004-x64

1

Amazon Root CA 1.crt

windows7-x64

1

Amazon Root CA 1.crt

windows10-2004-x64

1

Resubmissions

17-06-2024 07:23

240617-h73bbszepa 8

17-06-2024 07:20

240617-h53t3stfmj 1

17-06-2024 07:17

240617-h4dhsszdkg 8

17-06-2024 06:22

240617-g49essyaqa 8

Analysis

  • max time kernel
    18s
  • max time network
    17s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    17-06-2024 06:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    .bashrc

  • Size

    3KB

  • MD5

    1f98b8f3f3c8f8927eca945d59dcc1c6

  • SHA1

    c4d853993e323432cb84359de2c319b9a767b729

  • SHA256

    342099da4dd28c394d3f8782d90d7465cb2eaa611193f8f378d6918261cb9bb8

  • SHA512

    33bb97936e54fe797b5046ece9c04313306fdc1470c959593f5cc2c641066372f2aee759db3a1bf45470b10c98ca964388172ded77eacaf2500e428d4f00331f

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\.bashrc
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1640
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\.bashrc
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2616
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\.bashrc"
        3⤵
        • Suspicious use of SetWindowsHookEx
        PID:2624

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
    Filesize

    3KB

    MD5

    5f8f84a378aa7cda03d4185891be0f9c

    SHA1

    370ba87e0fbde41eb307421758bdf4361dbf5ad2

    SHA256

    613791218149d9db7503567aa9aef6b483c8174ac62cc1ad992818e79e6ecd7e

    SHA512

    91dde80c86520579b921a506d2c26039048f4287d9362f2889794c2c98d7df084891b5e714a151d0422424f984f982c4a5d8b54d9d64c0fc81ec214b3b85ca3b

    Download Submit