Analysis

  • max time kernel
    121s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240419-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240419-en, locale:en-us, os:windows7-x64, system
  • submitted
    29/06/2024, 12:35

General

  • Target

    net8.0/Echoes of Al Andalus.pdb

  • Size

    12KB

  • MD5

    0dc5b953eac0f3fe6fa681485c8af1b2

  • SHA1

    3b40f84aa3e6cf0ef0afc8b3a76456b3364da215

  • SHA256

    0306e6accd9696aef15194067cc1f6efce4c87e4402ff1a60fc30f7a27a86ff8

  • SHA512

    e75ac903d172959b9d4d83082c9ff9fd4c646cc997e914e4b8268d1c8f67061c146372e6b9453cbc23933a1575a70f14ea1db7a3340f0d0cb5addec42464e7bf

  • SSDEEP

    384:f7mYqucscXCH4a0sv+upEqrq6GUmgtHThtbHgfopsync7cY2ucoc:aYqyrmezfYG

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\net8.0\Echoes of Al Andalus.pdb"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2116
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\net8.0\Echoes of Al Andalus.pdb
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2112
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\net8.0\Echoes of Al Andalus.pdb"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:3056

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

    Filesize

    3KB

    MD5

    e8d866c61773b9f373018d3d28f4c570

    SHA1

    1ad94cc5e9eb90e4d6859f5a3b1a7b068d2201ce

    SHA256

    5bfc847a68566f2ca881f49ef6d4485cf04f33fd69957374619abc4f34f67524

    SHA512

    0f3bf706754f568846df59b114b7a71ba7b128c9458ec962e9bbea35d543ca0f4329c09bfcbd86b14a959d96f22e120d46a7b78f2e54f37067e3359f462c7ca5