Overview

overview

10

Static

static

3

archive.rar

windows7-x64

3

archive.rar

windows10-2004-x64

3

amdhip64.dll

windows7-x64

1

amdhip64.dll

windows10-2004-x64

1

concrt140.dll

windows7-x64

1

concrt140.dll

windows10-2004-x64

1

res_mods/1..._a.pyc

windows7-x64

3

res_mods/1..._a.pyc

windows10-2004-x64

3

res_mods/1..._a.xml

windows7-x64

1

res_mods/1..._a.xml

windows10-2004-x64

1

res_mods/1...me.txt

windows7-x64

1

res_mods/1...me.txt

windows10-2004-x64

1

res_mods/1...me.txt

windows7-x64

1

res_mods/1...me.txt

windows10-2004-x64

1

setup.exe

windows7-x64

10

setup.exe

windows10-2004-x64

10

updates/icudtl.dat

windows7-x64

3

updates/icudtl.dat

windows10-2004-x64

3

Analysis

  • max time kernel
    120s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    22-06-2024 22:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    archive.rar

  • Size

    9.7MB

  • MD5

    5b61717757e05f71db4397b2b4fae79f

  • SHA1

    87ff0f49285e5b268061106e190bdc7a2858ef63

  • SHA256

    2f718b6527df6babca62b1c7e0126bf18ad92927ecf9baf433c5f6808befd063

  • SHA512

    abb9afc4a963a633e4a627755b2cc32fc0c5c11f09518982144a7a04ffd625be950b81c35b57692142e8a18cae603738d8781d40d94e05bd1d90e53340e4d2fe

  • SSDEEP

    196608:pS03aSSqjia+n5raUAb08CpmHiVGeHUQGjrnDFhhOhBojv9s8LgUMXc:pl3zl+/raUVVGSpGfnDFhemj1VLg5M

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 1 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 10 IoCs
  • Suspicious use of SendNotifyMessage 8 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\archive.rar
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2168
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\archive.rar
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2088
      • C:\Program Files\VideoLAN\VLC\vlc.exe
        "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\archive.rar"
        3⤵
        • Suspicious behavior: AddClipboardFormatListener
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of SetWindowsHookEx
        PID:2616
  • C:\Windows\explorer.exe
    "C:\Windows\explorer.exe"
    1⤵
      PID:1228

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2616-32-0x000007FEF7260000-0x000007FEF7294000-memory.dmp

      Filesize

      208KB

      Download

    • memory/2616-31-0x000000013F140000-0x000000013F238000-memory.dmp

      Filesize

      992KB

      Download

    • memory/2616-34-0x000007FEFAEB0000-0x000007FEFAEC8000-memory.dmp

      Filesize

      96KB

      Download

    • memory/2616-35-0x000007FEFAC90000-0x000007FEFACA7000-memory.dmp

      Filesize

      92KB

      Download

    • memory/2616-36-0x000007FEF6FE0000-0x000007FEF6FF1000-memory.dmp

      Filesize

      68KB

      Download

    • memory/2616-37-0x000007FEF6FC0000-0x000007FEF6FD7000-memory.dmp

      Filesize

      92KB

      Download

    • memory/2616-38-0x000007FEF64A0000-0x000007FEF64B1000-memory.dmp

      Filesize

      68KB

      Download

    • memory/2616-39-0x000007FEF6480000-0x000007FEF649D000-memory.dmp

      Filesize

      116KB

      Download

    • memory/2616-40-0x000007FEF6460000-0x000007FEF6471000-memory.dmp

      Filesize

      68KB

      Download

    • memory/2616-33-0x000007FEF5820000-0x000007FEF5AD4000-memory.dmp

      Filesize

      2.7MB

      Download

    • memory/2616-44-0x000007FEF6430000-0x000007FEF6451000-memory.dmp

      Filesize

      132KB

      Download

    • memory/2616-46-0x000007FEF5F40000-0x000007FEF5F51000-memory.dmp

      Filesize

      68KB

      Download

    • memory/2616-45-0x000007FEF5FB0000-0x000007FEF5FC8000-memory.dmp

      Filesize

      96KB

      Download

    • memory/2616-51-0x000007FEF5EA0000-0x000007FEF5EB8000-memory.dmp

      Filesize

      96KB

      Download

    • memory/2616-52-0x000007FEF5E70000-0x000007FEF5EA0000-memory.dmp

      Filesize

      192KB

      Download

    • memory/2616-50-0x000007FEF5EC0000-0x000007FEF5ED1000-memory.dmp

      Filesize

      68KB

      Download

    • memory/2616-53-0x000007FEF4500000-0x000007FEF4567000-memory.dmp

      Filesize

      412KB

      Download

    • memory/2616-49-0x000007FEF5EE0000-0x000007FEF5EFB000-memory.dmp

      Filesize

      108KB

      Download

    • memory/2616-54-0x000007FEF4490000-0x000007FEF44FF000-memory.dmp

      Filesize

      444KB

      Download

    • memory/2616-60-0x000007FEF4380000-0x000007FEF43A3000-memory.dmp

      Filesize

      140KB

      Download

    • memory/2616-62-0x000007FEF4340000-0x000007FEF4352000-memory.dmp

      Filesize

      72KB

      Download

    • memory/2616-61-0x000007FEF4360000-0x000007FEF4371000-memory.dmp

      Filesize

      68KB

      Download

    • memory/2616-59-0x000007FEF43B0000-0x000007FEF43C7000-memory.dmp

      Filesize

      92KB

      Download

    • memory/2616-58-0x000007FEF43D0000-0x000007FEF43F4000-memory.dmp

      Filesize

      144KB

      Download

    • memory/2616-57-0x000007FEF4400000-0x000007FEF4428000-memory.dmp

      Filesize

      160KB

      Download

    • memory/2616-56-0x000007FEF4430000-0x000007FEF4486000-memory.dmp

      Filesize

      344KB

      Download

    • memory/2616-55-0x000007FEF5E50000-0x000007FEF5E61000-memory.dmp

      Filesize

      68KB

      Download

    • memory/2616-48-0x000007FEF5F00000-0x000007FEF5F11000-memory.dmp

      Filesize

      68KB

      Download

    • memory/2616-47-0x000007FEF5F20000-0x000007FEF5F31000-memory.dmp

      Filesize

      68KB

      Download

    • memory/2616-43-0x000007FEF5FD0000-0x000007FEF600F000-memory.dmp

      Filesize

      252KB

      Download

    • memory/2616-42-0x000007FEF4570000-0x000007FEF4770000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/2616-41-0x000007FEF4770000-0x000007FEF581B000-memory.dmp

      Filesize

      16.7MB

      Download

    • memory/2616-64-0x000007FEF1D10000-0x000007FEF1E88000-memory.dmp

      Filesize

      1.5MB

      Download

    • memory/2616-63-0x000007FEF1E90000-0x000007FEF3640000-memory.dmp

      Filesize

      23.7MB

      Download

    • memory/2616-75-0x000000013F140000-0x000000013F238000-memory.dmp

      Filesize

      992KB

      Download

    • memory/2616-77-0x000007FEF5820000-0x000007FEF5AD4000-memory.dmp

      Filesize

      2.7MB

      Download

    • memory/2616-76-0x000007FEF7260000-0x000007FEF7294000-memory.dmp

      Filesize

      208KB

      Download

    • memory/2616-78-0x000007FEF4770000-0x000007FEF581B000-memory.dmp

      Filesize

      16.7MB

      Download