Analysis

  • max time kernel
    144s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    27-06-2024 21:29

General

  • Target

    FNknoxV1 (1).rar

  • Size

    7.1MB

  • MD5

    54ee74680681d2af21e9fb0bd1cef8e3

  • SHA1

    d44b497e033bb3e0b6eea587e9857d6096741a97

  • SHA256

    bccfea0aa1f93962c5e794076f9a1da37fa67114cf88809a3f65f6ae8bb44655

  • SHA512

    32bf6d6aed84dfb68ef6b798394cb455e13d493ca716a419cc9099601e5a374a6ddd9f7a9b7f0f66ebf4e1f5cbe4fd3b4cec4324f52f23d3a0f031fb595e1021

  • SSDEEP

    196608:P0ppKTn4gYSk0FqNfrRFmgbmY7Qw93lXo/8X4M3St19:P0pwUTSk0FqNftFP97193FVXJ619

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 2 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 9 IoCs
  • Suspicious use of SendNotifyMessage 8 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\FNknoxV1 (1).rar"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1276
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\FNknoxV1 (1).rar
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2652
      • C:\Windows\system32\rundll32.exe
        "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\FNknoxV1 (1).rar
        3⤵
        • Modifies registry class
        • Suspicious use of WriteProcessMemory
        PID:2472
        • C:\Program Files\VideoLAN\VLC\vlc.exe
          "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\FNknoxV1 (1).rar"
          4⤵
          • Suspicious behavior: AddClipboardFormatListener
          • Suspicious behavior: GetForegroundWindowSpam
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SendNotifyMessage
          • Suspicious use of SetWindowsHookEx
          PID:2976

Network

MITRE ATT&CK Enterprise v15

Downloads

  • memory/2976-30-0x000007FEFB280000-0x000007FEFB2B4000-memory.dmp (208KB)
  • memory/2976-29-0x000000013F320000-0x000000013F418000-memory.dmp (992KB)
  • memory/2976-32-0x000007FEFB260000-0x000007FEFB278000-memory.dmp (96KB)
  • memory/2976-33-0x000007FEFB240000-0x000007FEFB257000-memory.dmp (92KB)
  • memory/2976-34-0x000007FEFB220000-0x000007FEFB231000-memory.dmp (68KB)
  • memory/2976-35-0x000007FEFB200000-0x000007FEFB217000-memory.dmp (92KB)
  • memory/2976-36-0x000007FEFADC0000-0x000007FEFADD1000-memory.dmp (68KB)
  • memory/2976-37-0x000007FEFADA0000-0x000007FEFADBD000-memory.dmp (116KB)
  • memory/2976-31-0x000007FEF64B0000-0x000007FEF6766000-memory.dmp (2.7MB)
  • memory/2976-38-0x000007FEF7EC0000-0x000007FEF7ED1000-memory.dmp (68KB)
  • memory/2976-43-0x000007FEF7D30000-0x000007FEF7D48000-memory.dmp (96KB)
  • memory/2976-45-0x000007FEF7050000-0x000007FEF7061000-memory.dmp (68KB)
  • memory/2976-46-0x000007FEF6BD0000-0x000007FEF6BE1000-memory.dmp (68KB)
  • memory/2976-50-0x000007FEF6B40000-0x000007FEF6B70000-memory.dmp (192KB)
  • memory/2976-40-0x000007FEF6170000-0x000007FEF637B000-memory.dmp (2.0MB)
  • memory/2976-44-0x000007FEF71A0000-0x000007FEF71B1000-memory.dmp (68KB)
  • memory/2976-49-0x000007FEF6B70000-0x000007FEF6B88000-memory.dmp (96KB)
  • memory/2976-55-0x000007FEF6AF0000-0x000007FEF6B18000-memory.dmp (160KB)
  • memory/2976-54-0x000007FEF6020000-0x000007FEF6077000-memory.dmp (348KB)
  • memory/2976-53-0x000007FEF6B20000-0x000007FEF6B31000-memory.dmp (68KB)
  • memory/2976-56-0x000007FEF5FF0000-0x000007FEF6014000-memory.dmp (144KB)
  • memory/2976-52-0x000007FEF6080000-0x000007FEF60FC000-memory.dmp (496KB)
  • memory/2976-57-0x000007FEF5FD0000-0x000007FEF5FE8000-memory.dmp (96KB)
  • memory/2976-58-0x000007FEF5FA0000-0x000007FEF5FC3000-memory.dmp (140KB)
  • memory/2976-59-0x000007FEF5F80000-0x000007FEF5F91000-memory.dmp (68KB)
  • memory/2976-60-0x000007FEF5F60000-0x000007FEF5F72000-memory.dmp (72KB)
  • memory/2976-61-0x000007FEF7BF0000-0x000007FEF7C11000-memory.dmp (132KB)
  • memory/2976-62-0x000007FEF23A0000-0x000007FEF23B1000-memory.dmp (68KB)
  • memory/2976-63-0x000007FEFB430000-0x000007FEFB440000-memory.dmp (64KB)
  • memory/2976-51-0x000007FEF6100000-0x000007FEF6167000-memory.dmp (412KB)
  • memory/2976-64-0x000007FEF1FB0000-0x000007FEF1FDF000-memory.dmp (188KB)
  • memory/2976-65-0x000007FEF1F90000-0x000007FEF1FA1000-memory.dmp (68KB)
  • memory/2976-48-0x000007FEF6B90000-0x000007FEF6BA1000-memory.dmp (68KB)
  • memory/2976-47-0x000007FEF6BB0000-0x000007FEF6BCB000-memory.dmp (108KB)
  • memory/2976-66-0x000007FEF1C30000-0x000007FEF1C46000-memory.dmp (88KB)
  • memory/2976-42-0x000007FEF7070000-0x000007FEF7091000-memory.dmp (132KB)
  • memory/2976-41-0x000007FEF71C0000-0x000007FEF7201000-memory.dmp (260KB)
  • memory/2976-68-0x000007FEF1980000-0x000007FEF19C2000-memory.dmp (264KB)
  • memory/2976-67-0x000007FEF1B60000-0x000007FEF1C25000-memory.dmp (788KB)
  • memory/2976-69-0x000007FEF1910000-0x000007FEF1972000-memory.dmp (392KB)
  • memory/2976-70-0x000007FEF18A0000-0x000007FEF190D000-memory.dmp (436KB)
  • memory/2976-39-0x000007FEF4970000-0x000007FEF5A20000-memory.dmp (16.7MB)
  • memory/2976-71-0x000007FEF0E90000-0x000007FEF1010000-memory.dmp (1.5MB)