Analysis

  • max time kernel
    23s
  • max time network
    17s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    17-06-2024 16:59

General

  • Target

    SploitXE_BEta.rar

  • Size

    3.3MB

  • MD5

    68f23738f5bf5e2612eb02d5e1526b8a

  • SHA1

    f59898686617dab7a596f5c452e4a38d90b90449

  • SHA256

    e9c4cdb578c440ae2f25590d9ad7b155ae309d4f0cdc67c1f9528e070b30fac9

  • SHA512

    3897abe5798c11bbe8ca45c59c1a73d055313bc41b42ef7feba9a504f01d7fa155d4a7b26193c51cbb1ccc245305ad71f7c900dbee15316261d09f997119bcb2

  • SSDEEP

    98304:oEc3CcFLpIlSZfA9l0N4MRpJ7BwsE60b81jvO:+lVugOlCRpJ7BwsEGZm

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 2 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 9 IoCs
  • Suspicious use of SendNotifyMessage 8 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\SploitXE_BEta.rar
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2068
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\SploitXE_BEta.rar
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2676
      • C:\Windows\system32\rundll32.exe
        "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\SploitXE_BEta.rar
        3⤵
        • Modifies registry class
        • Suspicious use of WriteProcessMemory
        PID:2740
        • C:\Program Files\VideoLAN\VLC\vlc.exe
          "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\SploitXE_BEta.rar"
          4⤵
          • Suspicious behavior: AddClipboardFormatListener
          • Suspicious behavior: GetForegroundWindowSpam
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SendNotifyMessage
          • Suspicious use of SetWindowsHookEx
          PID:1596

Network

MITRE ATT&CK Enterprise v15

Downloads

  • memory/1596-30-0x000007FEFABF0000-0x000007FEFAC24000-memory.dmp (Filesize: 208KB)
  • memory/1596-29-0x000000013FEC0000-0x000000013FFB8000-memory.dmp (Filesize: 992KB)
  • memory/1596-32-0x000007FEF7EA0000-0x000007FEF7EB8000-memory.dmp (Filesize: 96KB)
  • memory/1596-33-0x000007FEF70E0000-0x000007FEF70F7000-memory.dmp (Filesize: 92KB)
  • memory/1596-34-0x000007FEF70C0000-0x000007FEF70D1000-memory.dmp (Filesize: 68KB)
  • memory/1596-35-0x000007FEF70A0000-0x000007FEF70B7000-memory.dmp (Filesize: 92KB)
  • memory/1596-36-0x000007FEF7080000-0x000007FEF7091000-memory.dmp (Filesize: 68KB)
  • memory/1596-37-0x000007FEF7060000-0x000007FEF707D000-memory.dmp (Filesize: 116KB)
  • memory/1596-31-0x000007FEF5E30000-0x000007FEF60E6000-memory.dmp (Filesize: 2.7MB)
  • memory/1596-38-0x000007FEF7040000-0x000007FEF7051000-memory.dmp (Filesize: 68KB)