Analysis

  • max time kernel
    121s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    21-06-2024 10:30

General

  • Target: 3b5558487a749f6b653a717a1061aee1d44a5e1ed501ac2651de1075ed865913.apk
  • Size: 531KB
  • MD5: 3d62760cc1b53064b7cabb6ba5809aa8
  • SHA1: 87f23e331ed8ffcc5e26d43e38cda7723ca67f3c
  • SHA256: 3b5558487a749f6b653a717a1061aee1d44a5e1ed501ac2651de1075ed865913
  • SHA512: a18f05ef5aa1c2c08c47f18f0040e2f1c9c11395097bfc56fccc4e44c06d94d0e1fffdc4a9de4c175bf59d1115b99a268b18e873598e58aee7d478d8dfd604d4
  • SSDEEP: 12288:J1vJnNQoG6nIA0uqMa9nWUjojagxLo+ghB5KrnjSw:JVJnCoG630rnWFjHoNhBIHSw

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class (9 IoCs)
  • Suspicious behavior: GetForegroundWindowSpam (1 IoC)
  • Suspicious use of SetWindowsHookEx (2 IoCs)
  • Suspicious use of WriteProcessMemory (7 IoCs)

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\3b5558487a749f6b653a717a1061aee1d44a5e1ed501ac2651de1075ed865913.apk
    PID: 352
    • Suspicious use of WriteProcessMemory
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\3b5558487a749f6b653a717a1061aee1d44a5e1ed501ac2651de1075ed865913.apk
      PID: 2632
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\3b5558487a749f6b653a717a1061aee1d44a5e1ed501ac2651de1075ed865913.apk"
        PID: 2820
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx

Network

MITRE ATT&CK Matrix ATT&CK v13

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
    Filesize: 3KB
    MD5: 701116fb8c8af56962175250f4eb7b43
    SHA1: 53127dfed3415c40e1b6bb5b43024b060d77deda
    SHA256: b1fcfd9adaaa92ae1558bebd4f0c1bf2aa739e22a7c06f45ae87c99d70c45b4e
    SHA512: bb4914b861ee6d3ede8d85041cd563f9d75a95274bdfbbb5d01cfdcd38a334d34a69b4fe57ff0af221cd0892e064a3e05862a6ea2280d862f048813157202dd7