94fce339364c05cf5337520150090ca46c8b5a2e3b5d400fc36f230763b0ef70

Resubmissions

07/07/2024, 15:32

240707-syqahsxbrc 7

07/07/2024, 13:43

240707-q1rj9atbml 3

Analysis

max time kernel
1329s
max time network
1264s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
07/07/2024, 15:32

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

RadarPublicTest.rar
Size

72KB
MD5

53afab4e7603796113742080fe0f85b9
SHA1

55b1819a6a993c4b01885f273d7314dc11b7151e
SHA256

94fce339364c05cf5337520150090ca46c8b5a2e3b5d400fc36f230763b0ef70
SHA512

e1831a94a1a42502746a0219ee588ebeee65b2a8a3c479a46e71e983b185cb7351ccfaf1a198247c9b77d5dde11604b2a7f5fc2d60e0ec2430a211d5640e6361
SSDEEP

1536:0k8E9FECMgShNyr2CAadbsbSBJ5t/lp6t2aslOEa+qRclbUzo44OO7cU:069eCMjhLCAaWY5t/lMtLslS+qSR39Oi

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings	OpenWith.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4208	OpenWith.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeBackupPrivilege	4492	svchost.exe
Token: SeRestorePrivilege	4492	svchost.exe
Token: SeSecurityPrivilege	4492	svchost.exe
Token: SeTakeOwnershipPrivilege	4492	svchost.exe
Token: 35	4492	svchost.exe

Suspicious use of SetWindowsHookEx 15 IoCs

pid	Process
4208	OpenWith.exe
4208	OpenWith.exe
4208	OpenWith.exe
4208	OpenWith.exe
4208	OpenWith.exe
4208	OpenWith.exe
4208	OpenWith.exe
4208	OpenWith.exe
4208	OpenWith.exe
4208	OpenWith.exe
4208	OpenWith.exe
4208	OpenWith.exe
4208	OpenWith.exe
4208	OpenWith.exe
4208	OpenWith.exe

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\RadarPublicTest.rar
1⤵
- Modifies registry class
PID:4384

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:4208

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5024

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k SDRSVC
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4492

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
PID:4484

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
PID:4672

C:\Windows\system32\fontview.exe
"C:\Windows\system32\fontview.exe" /d C:\Windows\Fonts\VERDANAI.TTF
1⤵
PID:4952

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\Desktop\ApproveRemove.ps1

Filesize
581KB

MD5
883000f34f4a9889c297b1a779edd573

SHA1
c9a8c40b01c9e269862233dd59eb1726d01994b5

SHA256
c5a24acbab8ec360830466fe811952bdcdced716589ad6ec5c7a8e812915a7f6

SHA512
a1e506ee49979604d4a5e5488afa1ac909bc828522d6690fcccf32633d81678542d965fa1a56048d577b4a005fe1116f2521f98b3e304ac80e03aa631fccb0bb

Download Submit
C:\Users\Admin\Desktop\AssertDebug.ttc

Filesize
442KB

MD5
9429c7ff0863da661325a34d805af4ee

SHA1
46bc78bf432961ea0f2c1f70262c3009176f6ffc

SHA256
a39fa01d85839d7e28dbe534977e22cb43537146b2aa8bb18f5f532eef0210e4

SHA512
49f3417a459d4719849403ea432dee24caf76727d5607f29eff8962ec0ad25c818da0b97c61150fa96c1326203166624b77f0e9298493b466a0db298b152a52c

Download Submit
C:\Users\Admin\Desktop\BlockCopy.mpeg

Filesize
558KB

MD5
8b5f7506023203925e027b2667df475c

SHA1
782da1a771b0aefb37257454e7f5123ca2aa10f9

SHA256
75804a1bd6998b7c1fe0380f1ec4ef087a56bb7252d40743329e44a18ffa0b4d

SHA512
10a8059a76d5345bce36acfd77cc8974a427b9d62d680ffc1f07e354fb67f0eed83289abd77c72db7c4cd0add6b037565af7ddbc9e5f61cd606f50fa2e32fd60

Download Submit
C:\Users\Admin\Desktop\CompressAdd.3gp

Filesize
674KB

MD5
435bfc685c7e1c0eb7f16ebc37ff6f81

SHA1
9698b2acd1826a9c755117192960aba41d8901f6

SHA256
e006ccd124e07b09bdba7b5d98bbe0fff310945581914f375731a7a6e74de7fc

SHA512
17e26ce06693778e8c451eb71d45f33e7b141d1158de187f81fdc5e147b7b47afc6c334f2f690e0444098ca36f4c7f36ecc3cbc133b65179839d1a824214a971

Download Submit
C:\Users\Admin\Desktop\DisconnectExit.temp

Filesize
535KB

MD5
ba00c1d96447b8d3386626c32f7c0878

SHA1
05db62d61b3a05c04a0f4d7fda6c2d3f4559a34f

SHA256
90c215311dde7eadcb85d7ddabcc8f1cecf154b15d637af55ca6a59f1324f47b

SHA512
eb6f33cc8e279bec4c64b5148e93cd4a46b2d358becd551d7ca367d7978fb667b100fb121730669a2bb44dacedb0084e0f7a5a16c134fbd9166299cc7aae5bdf

Download Submit
C:\Users\Admin\Desktop\DisconnectRestart.odt

Filesize
255KB

MD5
a6e10bb1f83d37f3608fc9ad006ecc20

SHA1
9a3f17e583f93861f5796180b72e52f03aabbf8f

SHA256
99ff78739281a5764cd98bf18ec9ab7e737ee774d0667df8a905fc474931796a

SHA512
de7ee1e6226a2f1b45baa1bd94d40baffea29c6161d66255d0c150cca85fbabdc35a5094d5e4825eda06a070825e4f43dcd39697422b56e53c2f7eb3db0a9343

Download Submit
C:\Users\Admin\Desktop\DisconnectShow.mp2

Filesize
651KB

MD5
ca2684a8f15368f26e300b9cdad20603

SHA1
8da9cbd96d0ae5486359ad7507d445f749a178d8

SHA256
a69efaa33b077ffcb5525823f8caa288815cb6e14cb9264124d075b0c63a6fb1

SHA512
74a75d486b9234669e684e66b7f35c045f7da0b0b3ec5a0c5f1bc0935ae0e3a32b3c448f3e51e6cc279ff3674267c346fce55adf7665341ce0a2a2d64ddd83fd

Download Submit
C:\Users\Admin\Desktop\DismountRequest.xlsm

Filesize
465KB

MD5
ff9cd209b59afaad81e265dd0c694654

SHA1
301e1a6a25932acaf811eef2ef720fba2d1b1146

SHA256
e36746e09734d55e6e1754670dfa6faeb939d8ca693f517c5ddeb14e593ac9a9

SHA512
06adb0332727a33e6f7edda77cfeba4a26dfca04e9d61cc6a793fb78195bfe7d3913d05e8919656cec6e528cfb29bdc15e391072668d1d1d996d16df53cba3d2

Download Submit
C:\Users\Admin\Desktop\InitializeClose.xls

Filesize
418KB

MD5
1124b96e0426297876a2369dc24bd98a

SHA1
2b321cf9171bdde9f2f271ab4d814b5f4ac5214e

SHA256
86526f7df0410ee2d54a2431b6bf5b08664cbf7b79260fdfb73b2f14d0ee2d6f

SHA512
c3d9756c97b368ff9724c09ea001e493958f14422a2ab8668f4b753d837ed644434afcdf550375341e657f3ab616addbefdf3110e2e35fd214f8ed1050fe671e

Download Submit
C:\Users\Admin\Desktop\InvokeUnpublish.bmp

Filesize
372KB

MD5
06b886f6c497329675de831e65f2df71

SHA1
86de9ce925894c1e9ddbdecab9f6adc51b139253

SHA256
266fdcf29b479566e61066d775a14422d8b53d812affd2d44325bc8031ce8887

SHA512
ae5079c2bb56b77b2b9730ea5aec0cd4aa7ca65109da840a5c1945756023f80a1a8fc404549315cc11556931f7eafd0d85e75bef64bbd20716309d9fc43c054d

Download Submit
C:\Users\Admin\Desktop\LimitRestore.emz

Filesize
302KB

MD5
7500759c5509d301ac1d63dc0e1b67b0

SHA1
fac7faac5836e5915b94b7ae55db824b590ad944

SHA256
1d83125eccfd713981430ffb3aa2b221ce977edc49e07dcfe4ac03713e809623

SHA512
3ca0430462afa1edcce9966a6021e813d6c4b70a327bcf3c396b234dd2b5bac8ffac3a5c3ceec2232cc819d09e787b21f61414439f37bb4bdf02bd745b14e0af

Download Submit
C:\Users\Admin\Desktop\MeasureOut.vdw

Filesize
1000KB

MD5
d2c780a7540ad2ab4c51305b291c1d31

SHA1
3eb6733e654bd10348d15c15cb86baf5e2f34321

SHA256
50f5979d6202f0124fac2fc0d2706aefd647e3192d7579f43cff6e5f26f4395c

SHA512
8520fb5eaec6a9a9bdf0db1afbb7852ac27e303648a5ab7056cb06a90b084f8d3ae551e9154a0d7b0ac8ab177e2610a10850ec26ef32f8b90a987569c395698e

Download Submit
C:\Users\Admin\Desktop\ReadMount.mpeg

Filesize
279KB

MD5
5c7fce0454a79ebf638eb2bb2edc1c3d

SHA1
3fb1534b730bf115ba0f445ace6d6555cd1a785e

SHA256
354266a529e2e04e7b4e5b0ce94f7d0b1101afceecec8fe3e007877b0d610f18

SHA512
e08cfa82818bb6b9277010d361248e99784a29777f550248e5eb4537966ece10989cfee8d34b1c59c6aa54142e244d881457e13525af7ab57970c706cd81a157

Download Submit
C:\Users\Admin\Desktop\RepairResize.mov

Filesize
511KB

MD5
fd17456cf20646421b8604c734da8d78

SHA1
b9cd38852809c47eadc1f717c515e3d3e09eae1a

SHA256
2c20af1091520de7a0e20d6849b701ad3540266ff3324f1cdcc05773982c1ea5

SHA512
de02419d713ebc49a537c5e9abe3236717d6e02c382bb4c01c4a267894bfc858a9e7417c1f887b01634926bfad92025ca19a9c10a097d1f860529eebe204651e

Download Submit
C:\Users\Admin\Desktop\ResetOut.midi

Filesize
325KB

MD5
65febaefa952da7ffd8a50ce5baef915

SHA1
690493c89f8640001bb8a5c2e1463d991cc9b350

SHA256
5e30da4a4870c53800056a832569d17d4a0d7dcaccf4efed717b35e2852c988d

SHA512
5dcd1c64ec0b5e33e3d8fc0680e9ab72e6e5830db76da6c2c228fa80761d46340ead6a7db626c0309998ab453d768ff088b883daf71e260c6464317281c95105

Download Submit
C:\Users\Admin\Desktop\ResetProtect.ods

Filesize
628KB

MD5
41735ddbd9fa29e91af885bc7fba1ac1

SHA1
4e66acf34b912bb6bcf2c754881e7a55cfaef3fe

SHA256
cde6ea6ed377e973d6dd9ee82115354468a18cbad48e38727bc4d41c5de64353

SHA512
a6c64aff979d2c21f5853f668e70652f684d9c3e8877ee7a716bc9a4e228529f93e7a07168b7eea28466740b4d5be32c6b901caa953d28d8c477365491d7f713

Download Submit
C:\Users\Admin\Desktop\SavePublish.iso

Filesize
349KB

MD5
51602a9701805b36b6ea0641cdeb67f5

SHA1
50a0de8973f80c027b1c49998c0d08e256d7a5ca

SHA256
372f7ef069010cafe3ca0167b14cd349e947cbbb7923d36f326593ec06b4ad62

SHA512
6fbede5a5c13a8fe50ec976272b8cea9d0078f9c839678b68b65a771aa5eaa23111f423452305138967eaf5108cc2538fdc64c1845d4dd6c71ce31eed6c37acf

Download Submit
C:\Users\Admin\Desktop\StepFormat.mp2v

Filesize
721KB

MD5
b95a1454b6be538c1429b1717d2f7548

SHA1
30b1adc13e2afb62d7aa26f917da25cdb6968490

SHA256
bd43f0d501af53c79ccd8f676e3a96d7bb6dd9ed8be3710bfc9fe79ebbb52e56

SHA512
959554a7dc039383a22934dc8086e9a86ea38d96d78ffae98aa0f6b193c8ce5902b0d012d88eae95718d6e42bc2ee3a38e7dcd30ce472479dc30c4926d840f2d

Download Submit
C:\Users\Admin\Desktop\SyncSearch.mpeg

Filesize
488KB

MD5
c5e13f24cc35c2aaab38bc43d5a0484d

SHA1
b9189286a613a08756bb60e1cc119cb5975856b6

SHA256
4efb5353e19e5ba9d8614cf8b7ac08333d774f790330b27a40e4fa0571092d6a

SHA512
2b7f978fba77b37d66c241b8a446f96323f1d5c0f0020a1a0ec077302e9127282d10a3d4e9fe45052298cf02cb24e20edf1758faf531b38a92ca415272d2678b

Download Submit
C:\Users\Admin\Desktop\TestCompress.zip

Filesize
698KB

MD5
302395bf5cb0806cb5fe1841016eaeea

SHA1
5bd3c9ae95b1aaf712c015bcb623818ca326bd0b

SHA256
2bfff83393f47ce83c0ae97507561cd5b93db3b82994173060bf67f887b3e1c8

SHA512
7b265372569c4278183d003bff05dbc3de8add22c1f65421c95e20889bcf5e708972c6af47add2f72971b84ebdef9eb569747e163ca430b08cb55177567ebd4c

Download Submit
C:\Users\Admin\Desktop\TraceUnregister.dxf

Filesize
395KB

MD5
c9181d8892a5dec6b9b26449a38231e6

SHA1
89ae01f52f06a2ffce7855e4f20ad8380f48179f

SHA256
53bcf86d37324e0c4a6a5178b969adfe843a16d2c3b985afc81cf13d4d6e74bd

SHA512
2ed6b5551321675fdc2fc508e4512dc9ba603b5778961dd6ae976bbedf43907eb19ee2d76a1f099e864992e3430c58807435abb60c7aec5d8d16bcca2f00a7ba

Download Submit
C:\Users\Admin\Desktop\WatchCheckpoint.ADTS

Filesize
605KB

MD5
127cfd9d430a637aacc50b804a775935

SHA1
1070d03af0e3e7e4810aaf74ad10f2030552a317

SHA256
711ece944ce36203d88e5d88a500340229c15c6f7281fe9e3831e082f064544c

SHA512
680b534ad8e74b1bee381bc527fc0d0f5ba4e783fa4ac8fbb0c55704aea240313d746a8f8ecf7c0c2900e3e35ac994f211d8113f2d8a965a92ee62e2b71b6966

Download Submit