Analysis
max time kernel: 130s
max time network: 137s
platform: windows10-1703_x64
resource: win10-20240404-en
resource tags: arch:x64, arch:x86, image:win10-20240404-en, locale:en-us, os:windows10-1703-x64, system
submitted: 05-07-2024 16:09
Static task: static1
Behavioral task behavioral3: sample Settings.ini, resource win10-20240404-en
Behavioral task behavioral4: sample d3d9xx.dll, resource win10-20240404-en
Behavioral task behavioral5: sample libcef.dll, resource win10-20240611-en
Behavioral task behavioral6: sample licension.dll, resource win10-20240404-en
Behavioral task behavioral7: sample open me - 1212.txt, resource win10-20240404-en
General
Target
Size: 167.6MB
MD5: 2c81db0cc381a3ed7ba632d3e6aaad83
SHA1: 0311c3f2acb408b3109808f8b4ea8e10b4966f20
SHA256: 7da7d152162fd0a796b93b2f28715c50b577ac71a1107b668dc6b2834a5602ba
SHA512: 80b6ea16046a76e5e60326fd45aa189da36bd6d9bdc86e4422f4e6bad131451cbae0b9ddbb4ed41d55f6f22c4d124fef068f9bf812662281890c4b9f8ac7c0b8
SSDEEP: 3145728:dbuy3ZlXH+xG7ncZnsbXvL8DDC2EhXXYKH1DBAjWAWNAPn0nKzl:dntH+QTcZnqfADu2wXYKVDBNAWNAP0E
Malware Config
Signatures
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).
- Modifies registry class (2 IoCs)
  Processes: cmd.exe, OpenWith.exe
  description | ioc | process
  Key created | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings | cmd.exe
  Key created | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings | OpenWith.exe
- Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
  Processes: OpenWith.exe
  pid | process
  32 | OpenWith.exe
- Suspicious use of SetWindowsHookEx (43 IoCs)
  Processes: OpenWith.exe
  pid | process
  32 | OpenWith.exe (the same row is repeated for each of the 43 IoCs)
Processes
- C:\Windows\system32\cmd.exe
  PID: 68
- C:\Windows\system32\OpenWith.exe
  Command line: C:\Windows\system32\OpenWith.exe -Embedding
  - Modifies registry class
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID: 32
- C:\Windows\System32\rundll32.exe
  Command line: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
  PID: 4944