Overview

overview

3

Static

static

1

REGFuck-master.zip

windows7-x64

1

REGFuck-ma...ignore

windows7-x64

3

REGFuck-ma...ICENSE

windows7-x64

1

REGFuck-ma...DME.md

windows7-x64

3

REGFuck-ma...ck.sln

windows7-x64

3

REGFuck-ma...ner.cs

windows7-x64

3

REGFuck-ma...rm1.cs

windows7-x64

3

REGFuck-ma...m1.vbs

windows7-x64

1

REGFuck-ma...ner.cs

windows7-x64

3

REGFuck-ma...rm2.js

windows7-x64

3

REGFuck-ma...m2.vbs

windows7-x64

1

REGFuck-ma...ner.cs

windows7-x64

3

REGFuck-ma...rm3.cs

windows7-x64

3

REGFuck-ma...m3.vbs

windows7-x64

1

REGFuck-ma...ner.cs

windows7-x64

3

REGFuck-ma...rm4.cs

windows7-x64

3

REGFuck-ma...m4.vbs

windows7-x64

1

REGFuck-ma...ram.cs

windows7-x64

3

REGFuck-ma...nfo.cs

windows7-x64

3

REGFuck-ma...er.vbs

windows7-x64

1

REGFuck-ma...es.vbs

windows7-x64

1

REGFuck-ma...ner.cs

windows7-x64

3

REGFuck-ma...ttings

windows7-x64

3

REGFuck-ma...csproj

windows7-x64

3

REGFuck-ma...ne.jpg

windows7-x64

3

REGFuck-ma...ck.png

windows7-x64

3

REGFuck-ma...ck.gif

windows7-x64

1

REGFuck-ma...ix.gif

windows7-x64

1

REGFuck-ma...pp.xml

windows7-x64

1

REGFuck-ma...nifest

windows7-x64

3

REGFuck-ma...ck.ico

windows7-x64

3

Resubmissions

12/10/2024, 12:46

241012-pzt4ba1dmf 3

12/10/2024, 12:45

241012-pzd24avhqp 3

12/10/2024, 12:44

241012-pyyeca1dja 1

12/10/2024, 12:42

241012-pxr6ya1cme 1

05/08/2024, 23:13

240805-27gt6s1hln 6

08/07/2024, 16:42

240708-t71chsybln 3

07/07/2024, 23:47

240707-3svcdssckm 10

Analysis

  • max time kernel
    1563s
  • max time network
    1566s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    08/07/2024, 16:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    REGFuck-master/RegFuck/Form4.Designer.cs

  • Size

    14KB

  • MD5

    cececb9a3cf91cdb96ee3cca140fcae6

  • SHA1

    a7dc0a36368badf15789fc05bcfb9356719c432c

  • SHA256

    ec0567924dcef9f7c83e842f0a35043fe72385229d19d6efdd89713a1653b62b

  • SHA512

    60e5522824761802aea9d001678e7db54928bf6ebb851c0313dc075b83b516bece47e60355aba3c4dc8bd6b83ff45645a4c976c83157ca05a74f17cc8c68f1c8

  • SSDEEP

    384:UwDESk7UN1Et5kGypQHvKbk/r4MsTarTBwGv5OsM2q7TH84cSyQcLKgpsinw43fp:jDkIiV+S

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 1 IoCs
  • Suspicious behavior: CmdExeWriteProcessMemorySpam 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\REGFuck-master\RegFuck\Form4.Designer.cs
    1⤵
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:2144
    • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
      "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\REGFuck-master\RegFuck\Form4.Designer.cs"
      2⤵
      • Suspicious behavior: CmdExeWriteProcessMemorySpam
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:2552

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
    Filesize

    3KB

    MD5

    a703f9a9115d96095981aed921581dd7

    SHA1

    b4a4d0e342c309548fa010e61715e41a89ce7b70

    SHA256

    31f68ffc17fcccc6f69cc2687bdca8d49b79e32072e309245dbe6a081aef06cd

    SHA512

    471bb7ae102a06af4c28572647b4799b727010c9235ca5e4271706387e8b9be67d9572de5ba2a8911e34162d0201d0e0a81f201135ff0371d40807c5830124b3

    Download Submit