ed1e10ee0cd794b7d253741f0893c094f11a0b03c15b62451ba17dcbb84a00a4

Resubmissions

12/10/2024, 12:46

241012-pzt4ba1dmf 3

12/10/2024, 12:45

12/10/2024, 12:44

12/10/2024, 12:42

05/08/2024, 23:13

08/07/2024, 16:42

07/07/2024, 23:47

Analysis

max time kernel
1559s
max time network
1560s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
08/07/2024, 16:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

REGFuck-master/RegFuck/Form2.Designer.cs
Size

3KB
MD5

a09c2afe0b23fe69f0c28bb46d9da67b
SHA1

35ac36cfc6e0ba27cc27d0da79cf4b96b6fd29f6
SHA256

bd94fcd7674f48d93822578ba83d4785a3ebe94f0a59cac8d91c7cfe89197740
SHA512

65d78a2a54655f5a3819b1b04a58eb4a686561fe2aa51f9fea6685092f97701136e9e55efdbef5222a3d78554093d0360121d30ec32380d3dc5d23415bf1a62b

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000_Classes\Local Settings	cmd.exe

Suspicious behavior: CmdExeWriteProcessMemorySpam 1 IoCs

pid	Process
2472	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2472	AcroRd32.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2472	AcroRd32.exe
2472	AcroRd32.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2400 wrote to memory of 2472	2400	cmd.exe	29
PID 2400 wrote to memory of 2472	2400	cmd.exe	29
PID 2400 wrote to memory of 2472	2400	cmd.exe	29
PID 2400 wrote to memory of 2472	2400	cmd.exe	29

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\REGFuck-master\RegFuck\Form2.Designer.cs
1⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:2400
- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
  "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\REGFuck-master\RegFuck\Form2.Designer.cs"
  2⤵
  - Suspicious behavior: CmdExeWriteProcessMemorySpam
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:2472

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
e04660f57222fc54cae28223b3c45f5c

SHA1
10b83eac2fdcfba4ba50a988de8e34beec2abd3a

SHA256
2aa2f1635024cc620f5b86b5d80b9fdc16caa4c0fe9f1388e4820993a64b48b9

SHA512
acd279f7f8fe2631e6cd78bcb8e6967ef8f19d3f96621d1385778cda9f575da6763cdc297d0c0e16eacedd94d0a9ccccf2bb720a8997723bb1d045e7ddfb974b

Download Submit