Overview

overview

7

Static

static

3

BetterDisc...ws.exe

windows7-x64

7

BetterDisc...ws.exe

windows10-2004-x64

5

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...sh.bmp

windows7-x64

3

$PLUGINSDI...sh.bmp

windows10-2004-x64

7

LICENSE.electron.txt

windows7-x64

1

LICENSE.electron.txt

windows10-2004-x64

1

chrome_100...nt.pak

windows7-x64

3

chrome_100...nt.pak

windows10-2004-x64

3

chrome_200...nt.pak

windows7-x64

3

chrome_200...nt.pak

windows10-2004-x64

3

d3dcompiler_47.dll

windows10-2004-x64

3

ffmpeg.dll

windows7-x64

1

ffmpeg.dll

windows10-2004-x64

1

icudtl.dat

windows7-x64

3

icudtl.dat

windows10-2004-x64

3

libEGL.dll

windows7-x64

1

libEGL.dll

windows10-2004-x64

1

libGLESv2.dll

windows7-x64

3

libGLESv2.dll

windows10-2004-x64

3

locales/am.pak

windows7-x64

3

locales/am.pak

windows10-2004-x64

3

locales/ar.pak

windows7-x64

3

locales/ar.pak

windows10-2004-x64

3

locales/bg.pak

windows7-x64

3

locales/bg.pak

windows10-2004-x64

3

locales/bn.pak

windows7-x64

3

locales/bn.pak

windows10-2004-x64

3

locales/ca.pak

windows7-x64

3

locales/ca.pak

windows10-2004-x64

3

locales/cs.pak

windows7-x64

3

Analysis

  • max time kernel
    118s
  • max time network
    131s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
  • submitted
    29-06-2024 19:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    locales/cs.pak

  • Size

    107KB

  • MD5

    0325d16a747cca73a3a2b0c94fac123d

  • SHA1

    e5989627742ecee5f8996001002e97627bfbe10d

  • SHA256

    c00829fc57c7e1e5419fe3202f114d394a590b8b32b1e55af42772c93755945d

  • SHA512

    b824297df25c097251432fa72ae1258092e692ff3e4c527599897d7d3e71007cbd80e300de54b87146889f71d537c7d297c1b3cac04b6e08d7ce29132ec9e5dc

  • SSDEEP

    1536:6G+wdXqt5qYSP7ymjLEwoVD33zSYoYlBw/dhRRkP+8QUQdbiE:JvXPjyfaYl6/P2+8QUQdbd

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\locales\cs.pak
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2188
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\locales\cs.pak
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2752
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\locales\cs.pak"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2604

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
    Filesize

    3KB

    MD5

    8458d0d3d093c014916ac8604a056855

    SHA1

    f224bb39256b96c971dfc92100daa43b86445211

    SHA256

    579eaf892faf600e12512a37b9bf7ca64ad2d4309c51d8e5ed61fcabbf2826ce

    SHA512

    62adc8a5ac660132a9fa5e5e341ace6d9428e2670a4ab19f35cf87523fb54e9b53b88af91f42a1be0b549a896fb737965050b258feef06c22620acc6e706f8f8

    Download Submit