Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
  • submitted
    09/07/2024, 23:26

General

  • Target

    selectrss/db/tasks.php

  • Size

    1KB

  • MD5

    d679b5ea5c721286d0b8efc8be020b89

  • SHA1

    d91c28365d65ee8b060def605473abe48c0b7d07

  • SHA256

    93056febcf09c4a24441bec5b87c7a651099b3e6c4a36fe8700b8876a80be677

  • SHA512

    9f53cda5f22dc96b0fb629fa13979a60a184244a081f34d4e9fd16d9dea06ec8e9bdc9675c49a696efc02fddb3ec8bf4e6cb0f56a36a85396e393437400d7df4

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class (9 IoCs)
  • Suspicious behavior: GetForegroundWindowSpam (1 IoC)
  • Suspicious use of SetWindowsHookEx (2 IoCs)
  • Suspicious use of WriteProcessMemory (7 IoCs)

Processes

  • C:\Windows\system32\cmd.exe (tree depth 1, PID 2628)
    Command line: cmd /c C:\Users\Admin\AppData\Local\Temp\selectrss\db\tasks.php
    • Suspicious use of WriteProcessMemory
    • C:\Windows\system32\rundll32.exe (tree depth 2, PID 2684)
      Command line: "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\selectrss\db\tasks.php
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe (tree depth 3, PID 2788)
        Command line: "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\selectrss\db\tasks.php"
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

    Filesize

    3KB

    MD5

    e1f5f133a5ff3184c3c13186c754a3dd

    SHA1

    0dda85a3866215b168f6fd5a8200406dca281030

    SHA256

    c0bfbcf2750e7c9817845d801d5b76172cb716da01cfb12ed95c6a984dd4eaa2

    SHA512

    fcf76edcb0dde4d5376773bde7c265bb627db3ca7bdf23ac8c9679cc15245eddb7526331cb701e3e002caead65e4cb3176b7feb5f2f30c6069e917011b1c48a7