Malware Analysis Report

2024-10-10 09:56

Sample ID  240702-rbvfaazcpq
Target     ElectricLauncher.7z
SHA256     01342213b45659a27b48f65b73b7043b84faba91ca8f80963560d824097e5ed1
Tags       umbral
Score      10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score   10/10
SHA256  01342213b45659a27b48f65b73b7043b84faba91ca8f80963560d824097e5ed1

Threat Level: Known bad

The file ElectricLauncher.7z was found to be: Known bad.

Malicious Activity Summary

umbral

Detect Umbral payload

Umbral family

Unsigned PE

Enumerates physical storage devices

Modifies registry class

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of SetWindowsHookEx

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported  2024-07-02 14:02

Signatures

Detect Umbral payload

Description  Indicator  Process  Target
N/A          N/A        N/A      N/A
N/A          N/A        N/A      N/A

Umbral family

umbral

Unsigned PE

Description  Indicator  Process  Target
N/A          N/A        N/A      N/A
N/A          N/A        N/A      N/A

Analysis: behavioral1

Detonation Overview

Submitted         2024-07-02 14:01
Reported          2024-07-02 14:03
Platform          win10-20240404-en
Max time kernel   15s
Max time network  17s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\ElectricLauncher.7z

Signatures

Enumerates physical storage devices

Modifies registry class

Description  Indicator                                                                            Process                           Target
Key created  \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings  C:\Windows\system32\cmd.exe       N/A
Key created  \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings  C:\Windows\system32\OpenWith.exe  N/A

Suspicious behavior: GetForegroundWindowSpam

Description  Indicator  Process                           Target
N/A          N/A        C:\Windows\system32\OpenWith.exe  N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\ElectricLauncher.7z

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

Network

N/A

Files

N/A