7171e2afc1885fe8903a6007dc4f804c21667c6688bc34cbb47fc3aa843f6d0f

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
25/06/2024, 14:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

x32 nigget.rar
Size

552KB
MD5

4d22143e85702b520491647e3d5ce646
SHA1

8f44fc9ccffe7f5c28b9380c4b5db81b6f44d411
SHA256

7171e2afc1885fe8903a6007dc4f804c21667c6688bc34cbb47fc3aa843f6d0f
SHA512

d0f5e8dcf6d9029484bc16ef9b6207d2cc349242da9b9e9cb34e695f4013325b019672062509f40144193f77c3673392f250c507dda7aaaf0391636a52fb3032
SSDEEP

12288:Bd08VeEK9lhFWUy3TLWXVHZwBSFxbQNR+qZ3BEI4mYF9bOH6rblA:BG+efnBMTKXVHYvBZl4mYF9bOaHlA

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings	OpenWith.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1492	OpenWith.exe

Suspicious use of SetWindowsHookEx 17 IoCs

pid	Process
1492	OpenWith.exe
1492	OpenWith.exe
1492	OpenWith.exe
1492	OpenWith.exe
1492	OpenWith.exe
1492	OpenWith.exe
1492	OpenWith.exe
1492	OpenWith.exe
1492	OpenWith.exe
1492	OpenWith.exe
1492	OpenWith.exe
1492	OpenWith.exe
1492	OpenWith.exe
1492	OpenWith.exe
1492	OpenWith.exe
1492	OpenWith.exe
1492	OpenWith.exe

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\x32 nigget.rar"
1⤵
- Modifies registry class
PID:392

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1492

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2024

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Windows 7 deprecation

Loading Replay Monitor...