Analysis

  • max time kernel
    121s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    28/06/2024, 07:40

General

  • Target

    78A6D2F616BEA044E94822242E947A9C716EC2960AF5130AB430F8AE1DDC49FF.apk

  • Size

    56.6MB

  • MD5

    37b5ac882253b4b20f4ab0dce42d4710

  • SHA1

    b021fcca130f0d353848c84e111fa0f788d8f600

  • SHA256

    cc3c5a58898a81aa0535462426af70dd0ff896c518ad41d56c7ba2e17d143607

  • SHA512

    f544a4df899aa34f137b3d462d2211980d9cd773877f9c4d234e4963c0f8ab552633465fc9ec6c55e94b00d0adea6d7bc38325d21796dd798e2c86c9cf4ba521

  • SSDEEP

    1572864:ZUM2tYv016HFbTTSgx2iGSosw2qkGX2/NhunnFljkeWH+HHKrj5r5Rk:ZUMyobSmPoj5Xw2nnFpkhH+nKrj55e

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices (1 TTPs)

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class (9 IoCs)
  • Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
  • Suspicious use of SetWindowsHookEx (2 IoCs)
  • Suspicious use of WriteProcessMemory (7 IoCs)

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\78A6D2F616BEA044E94822242E947A9C716EC2960AF5130AB430F8AE1DDC49FF.apk
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2032
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\78A6D2F616BEA044E94822242E947A9C716EC2960AF5130AB430F8AE1DDC49FF.apk
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2620
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\78A6D2F616BEA044E94822242E947A9C716EC2960AF5130AB430F8AE1DDC49FF.apk"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2740

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

    Filesize

    3KB

    MD5

    ee47b021d6e8dbc9758eab844196c991

    SHA1

    93ff45babfdb7ee13ff0edf59624eca5fd9e6db1

    SHA256

    beb7406324091c63fa1d99b91fa02c92916558f8033f16d2b6b648fc67ba11f1

    SHA512

    d58b273ba0267ebdbc8bc5909eaf4c07af00adef9df82c8873405a33d7d9d1abb152b4a69e2272d4ef084be6f84c01fcdf36c024a27ccdb85e7147ed48ce46f7