Overview

overview

10

Static

static

3

archive.rar

windows7-x64

3

archive.rar

windows10-2004-x64

3

amdhip64.dll

windows7-x64

1

amdhip64.dll

windows10-2004-x64

1

concrt140.dll

windows7-x64

1

concrt140.dll

windows10-2004-x64

1

res_mods/1..._a.pyc

windows7-x64

3

res_mods/1..._a.pyc

windows10-2004-x64

3

res_mods/1..._a.xml

windows7-x64

1

res_mods/1..._a.xml

windows10-2004-x64

1

res_mods/1...me.txt

windows7-x64

1

res_mods/1...me.txt

windows10-2004-x64

1

res_mods/1...me.txt

windows7-x64

1

res_mods/1...me.txt

windows10-2004-x64

1

setup.exe

windows7-x64

10

setup.exe

windows10-2004-x64

10

updates/icudtl.dat

windows7-x64

3

updates/icudtl.dat

windows10-2004-x64

3

Analysis

  • max time kernel
    45s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    22-06-2024 22:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    updates/icudtl.dat

  • Size

    9.8MB

  • MD5

    65c6337820fbe9bf2498a9395e3b20f2

  • SHA1

    5cc62646e6c73b4be276d08719bc5e257af972bb

  • SHA256

    33da1cdda18eaea52011d40ae9a610cac9f6466156e9803891ee77294607aee4

  • SHA512

    4800f03577a46a98a4bd786dc37a380f4169540e243fdb7835e3146fba0d0e1d07a7e3ec8cd23566feb00d204d582d678698ae61db156339fe56229de0b267c9

  • SSDEEP

    196608:g7UPty2ACLA2cliXUxR0jHz93Whl96p6VJQ:V12CLAZliXUxR0jHz93Whl96p6VJQ

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\updates\icudtl.dat
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1492
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\updates\icudtl.dat
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2584
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\updates\icudtl.dat"
        3⤵
        • Suspicious use of SetWindowsHookEx
        PID:2612

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
    Filesize

    3KB

    MD5

    c4482e27fb603fe5c692bb466bf37690

    SHA1

    96f6f7f24303563ae8bf5af73098bb12310b65ab

    SHA256

    7bff2b5b61268600a645c6ec7e27f2cae1e0c15804826ec44b404bf6b4e933e1

    SHA512

    aada823a7704cb13de2520155812fc4f45dc2cd40f30ef92e04f3706e461111043c510b7d9fd3ed5000bb168e6b6e808151153d1b59f9466d50c3af1ad1cf942

    Download Submit