Analysis
- max time kernel: 118s
- max time network: 119s
- platform: windows7_x64
- resource: win7-20240508-en
- resource tags: arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
- submitted: 27-06-2024 21:30
Behavioral task: behavioral1
- Sample: FNknoxV1 (1).rar
- Resource: win7-20240508-en

Behavioral task: behavioral2
- Sample: FNknoxV1 (1).rar
- Resource: win10v2004-20240611-en

Behavioral task: behavioral3
- Sample: FNknoxV1.exe
- Resource: win7-20240419-en
General
- Target: FNknoxV1 (1).rar
- Size: 7.1MB
- MD5: 54ee74680681d2af21e9fb0bd1cef8e3
- SHA1: d44b497e033bb3e0b6eea587e9857d6096741a97
- SHA256: bccfea0aa1f93962c5e794076f9a1da37fa67114cf88809a3f65f6ae8bb44655
- SHA512: 32bf6d6aed84dfb68ef6b798394cb455e13d493ca716a419cc9099601e5a374a6ddd9f7a9b7f0f66ebf4e1f5cbe4fd3b4cec4324f52f23d3a0f031fb595e1021
- SSDEEP: 196608:P0ppKTn4gYSk0FqNfrRFmgbmY7Qw93lXo/8X4M3St19:P0pwUTSk0FqNftFP97193FVXJ619
Malware Config
Signatures
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).

- Modifies registry class (1 IoCs)
  Processes: rundll32.exe
    description: Key created
    ioc: \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000_Classes\Local Settings
    process: rundll32.exe

- Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
  Processes: rundll32.exe
    pid: 2728
    process: rundll32.exe

- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes: cmd.exe
    description                          pid   process   target process
    PID 2232 wrote to memory of 2728     2232  cmd.exe   rundll32.exe
    PID 2232 wrote to memory of 2728     2232  cmd.exe   rundll32.exe
    PID 2232 wrote to memory of 2728     2232  cmd.exe   rundll32.exe
Processes
- C:\Windows\system32\cmd.exe
  Command line: cmd /c "C:\Users\Admin\AppData\Local\Temp\FNknoxV1 (1).rar"
  PID: 2232
  - Suspicious use of WriteProcessMemory
  Child process:
  - C:\Windows\system32\rundll32.exe
    Command line: "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\FNknoxV1 (1).rar
    PID: 2728
    - Modifies registry class
    - Suspicious behavior: GetForegroundWindowSpam