d3ca102b990985518abf51ba8d71af250d10d9a017cfda853bbd71eafec3de0a

Analysis

max time kernel
120s
max time network
124s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
29/06/2024, 23:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Built/osint.deps.json
Size

39KB
MD5

707b1c4f3117af74ae55e9e243d0ecc3
SHA1

cea67d8eb77c1bf8f597265677d4036728ee10c5
SHA256

1e0f3e7a3a44b3e108dd684fc7e181ccc3320dd4b8daa4ff7894e63ddbd88c00
SHA512

d286509d1eb1522c3c6f5ca5498b76b5ec32f48a4630e61085ee27426b76023f4d2bca6ac3b294267a5c879d32dcde6e4ebf6e029e60976826421808b4d03efc
SSDEEP

384:C+KetokiOGwMl7JIuRmkzbbjGgtsxxqqgk5VSte6E5sO+wH3HvQtqO3zIC1mxIr9:CIABRpbPGgCnPScH3HItqO3zIC2Gzn3

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 9 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\json_auto_file\	rundll32.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\json_auto_file\shell\Read	rundll32.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\json_auto_file\shell	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\json_auto_file\shell\Read\command\ = "\"C:\\Program Files (x86)\\Adobe\\Reader 9.0\\Reader\\AcroRd32.exe\" \"%1\""	rundll32.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_Classes\Local Settings	rundll32.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\json_auto_file	rundll32.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\json_auto_file\shell\Read\command	rundll32.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\.json	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\.json\ = "json_auto_file"	rundll32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2816	AcroRd32.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2816	AcroRd32.exe
2816	AcroRd32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1868 wrote to memory of 2732	1868	cmd.exe	29
PID 1868 wrote to memory of 2732	1868	cmd.exe	29
PID 1868 wrote to memory of 2732	1868	cmd.exe	29
PID 2732 wrote to memory of 2816	2732	rundll32.exe	30
PID 2732 wrote to memory of 2816	2732	rundll32.exe	30
PID 2732 wrote to memory of 2816	2732	rundll32.exe	30
PID 2732 wrote to memory of 2816	2732	rundll32.exe	30

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\Built\osint.deps.json
1⤵
- Suspicious use of WriteProcessMemory
PID:1868
- C:\Windows\system32\rundll32.exe
  "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Built\osint.deps.json
  2⤵
  - Modifies registry class
  - Suspicious use of WriteProcessMemory
  PID:2732
- - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
    "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Built\osint.deps.json"
    3⤵
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of SetWindowsHookEx
    PID:2816

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
b966b287d9510fe58a0cf87489eeba39

SHA1
a31de5b3c2d2bce0987791162fa6aca690be6183

SHA256
4eef96a7b212ba77a03549f3fbb855ff1c4e0ec298791663365ef84a80a4c11a

SHA512
34e73105a75727196529a5073fb4e3a96409ef66966a7b332f0a0a50a78b263b6e3ebf905fdfab7b6d9ba5414b0a9c688208113ab4d31fe21a2e7d197a058f9d

Download Submit