Overview

overview

5

Static

static

3

Bank Detai...on.rar

windows7-x64

3

Bank Detai...on.rar

windows10-2004-x64

3

Bank Detai...on.exe

windows7-x64

5

Bank Detai...on.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    46s
  • max time network
    18s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
  • submitted
    03-07-2024 14:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Bank Details-Confirmation.rar

  • Size

    710KB

  • MD5

    31ddaceaa727a70d541e2a595e87afc4

  • SHA1

    0c12d4aed6652b46f59f8ae401da98a5e9cfa270

  • SHA256

    dc9a9a17ee3574f2daed0b37136599b6cc608a83692b252123668e8fd853f29e

  • SHA512

    3757301bf860d8c9bee84d998973f8bee4a0220de33709084f2e34f12290792f8be32e4c04faba1968ee4deb6be5d8a8e2a7d0a679826037ed916bccd21edd55

  • SSDEEP

    12288:mgzJLX9C2OWCLSCGw0UXzExgv2gnZqMokWRtJG0Ly4usyeILdJP:mgzJLNCZRLSVSDeFgncMu00LfuhjP

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 2 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 9 IoCs
  • Suspicious use of SendNotifyMessage 8 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\Bank Details-Confirmation.rar"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1216
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Bank Details-Confirmation.rar
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:3016
      • C:\Windows\system32\rundll32.exe
        "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Bank Details-Confirmation.rar
        3⤵
        • Modifies registry class
        • Suspicious use of WriteProcessMemory
        PID:2676
        • C:\Program Files\VideoLAN\VLC\vlc.exe
          "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\Bank Details-Confirmation.rar"
          4⤵
          • Suspicious behavior: AddClipboardFormatListener
          • Suspicious behavior: GetForegroundWindowSpam
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SendNotifyMessage
          • Suspicious use of SetWindowsHookEx
          PID:2632

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2632-41-0x000000013F480000-0x000000013F578000-memory.dmp

    Filesize

    992KB

    Download

  • memory/2632-42-0x000007FEF7810000-0x000007FEF7844000-memory.dmp

    Filesize

    208KB

    Download

  • memory/2632-43-0x000007FEF57F0000-0x000007FEF5AA6000-memory.dmp

    Filesize

    2.7MB

    Download

  • memory/2632-44-0x000007FEF43C0000-0x000007FEF5470000-memory.dmp

    Filesize

    16.7MB

    Download