Analysis

  • max time kernel
    120s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
  • submitted
    25-06-2024 16:59

General

  • Target

    nevermisscc/extra.json

  • Size

    29B

  • MD5

    7067770bbafc954dbd1c55814d1adac0

  • SHA1

    8b20e2f8555bbf69cde300c37110f9c902a29ab0

  • SHA256

    6da26ad13980cc58fd545c657415f15e440dddb447c90cca07dd4b54a6ff9c32

  • SHA512

    46df78d785a7b3a885aca1e0e5b37ae8b8270afa2d30cd3a3acd5a24f6c504bbd68d83ba15462d22579d8b25d462fa08817d40f8bfa78b7cc5a23e149484d7a6

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\nevermisscc\extra.json
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1264
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\nevermisscc\extra.json
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:3012
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\nevermisscc\extra.json"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2644

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

    Filesize

    3KB

    MD5

    9b4158a3d50262320db4614647230759

    SHA1

    f6b714228caf23d6d89e911b06774e909b5a8c40

    SHA256

    69d8d922fe812c33e53268a13d1e7d48dde25c5626cfb43295b7461d7dc7907d

    SHA512

    d81e044de0f159bfbc7f05496255771d830b6c0a2b73a5744fd5b0d139cac76d2b7f992316a21b56f65b1b092e04b7b3203da78b0b856154f2beed36c0cbfbab