de05f6f97b475ed6464541665e59252869b5d531c63698a9ad70c3875954c92c

Analysis

max time kernel
92s
max time network
97s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
11/07/2024, 14:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Harvard_Business_Review_USA_MayJune_2024/Readme/zz1Cover3.exe
Size

925KB
MD5

0adb9b817f1df7807576c2d7068dd931
SHA1

4a1b94a9a5113106f40cd8ea724703734d15f118
SHA256

98e4f904f7de1644e519d09371b8afcbbf40ff3bd56d76ce4df48479a4ab884b
SHA512

883aa88f2dba4214bb534fbdaf69712127357a3d0f5666667525db3c1fa351598f067068dfc9e7c7a45fed4248d7dca729ba4f75764341e47048429f9ca8846a
SSDEEP

24576:fYgAon+KfqNbXD2XJ2PH1ddATgs/u2kaCB+l:f37+KSbq5e1diEnHaCK

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 20 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	zz1Cover3.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	zz1Cover3.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	zz1Cover3.exe
Key created	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	zz1Cover3.exe
Key created	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	zz1Cover3.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	zz1Cover3.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	zz1Cover3.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 14002e80922b16d365937a46956b92703aca08af0000	zz1Cover3.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	zz1Cover3.exe
Key created	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	zz1Cover3.exe
Key created	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	zz1Cover3.exe
Key created	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	zz1Cover3.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff	zz1Cover3.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Documents"	zz1Cover3.exe
Key created	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000_Classes\Local Settings	zz1Cover3.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	zz1Cover3.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	zz1Cover3.exe
Key created	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	zz1Cover3.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1"	zz1Cover3.exe
Key created	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000_Classes\WOW6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	zz1Cover3.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1056	zz1Cover3.exe

C:\Users\Admin\AppData\Local\Temp\Harvard_Business_Review_USA_MayJune_2024\Readme\zz1Cover3.exe
"C:\Users\Admin\AppData\Local\Temp\Harvard_Business_Review_USA_MayJune_2024\Readme\zz1Cover3.exe"
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1056

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads