Overview

overview

10

Static

static

3

Adj L3210 pure.zip

windows11-21h2-x64

1

L3210 1210...ee.zip

windows11-21h2-x64

1

Ajdprog.exe

windows11-21h2-x64

10

EditText.dat

windows11-21h2-x64

3

ErrorDetail.dat

windows11-21h2-x64

3

F2_discharge.prn

windows11-21h2-x64

3

LimitSample.exe

windows11-21h2-x64

1

LimitSample.exe.xml

windows11-21h2-x64

1

StrGene.dll

windows11-21h2-x64

3

apdadrv.dll

windows11-21h2-x64

1

caution.bmp

windows11-21h2-x64

3

headid.bmp

windows11-21h2-x64

3

nw_resetdata.dat

windows11-21h2-x64

3

prnerror.bmp

windows11-21h2-x64

3

prnidle.bmp

windows11-21h2-x64

3

Analysis

  • max time kernel
    127s
  • max time network
    138s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240508-en
  • resource tags

    arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    19-06-2024 19:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    headid.bmp

  • Size

    208KB

  • MD5

    bd2d076f0d4c5cb4e4dd622edeff72b3

  • SHA1

    c47f7df6e2367e74b0ed982959a8a2071b389919

  • SHA256

    268119e12ae85210e6da2d1e98c8d66b267c8696cc3a9e590b79b9546d9363af

  • SHA512

    f347523042c52a81ac26a337f797d05a429842584658d74b87dffe3f5449c9ee51ec2589d0b57f344c96945151ee5b458bc6817aeb87bbe22a6644962ccecb43

  • SSDEEP

    6144:MyKMtf+7yYmNp5OlRstVQVCuusk1d9lXFHYRc:Mxmf+7yYmtOmuusK9tFsc

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 2 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 23 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\headid.bmp
    1⤵
    • Modifies registry class
    PID:1400
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    PID:2396

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads