Overview

overview

3

Static

static

1

dheater-0.4.3.zip

windows7-x64

1

dheater-0.4.3.zip

windows10-2004-x64

1

dheater-0....ragerc

windows7-x64

3

dheater-0....ragerc

windows10-2004-x64

3

dheater-0....ignore

windows7-x64

3

dheater-0....ignore

windows10-2004-x64

3

dheater-0....ignore

windows7-x64

3

dheater-0....ignore

windows10-2004-x64

3

dheater-0....ci.yml

windows7-x64

3

dheater-0....ci.yml

windows10-2004-x64

3

dheater-0....lintrc

windows7-x64

3

dheater-0....lintrc

windows10-2004-x64

3

dheater-0....erfile

windows7-x64

1

dheater-0....erfile

windows10-2004-x64

1

dheater-0....SE.txt

windows7-x64

1

dheater-0....SE.txt

windows10-2004-x64

1

dheater-0....EST.in

windows7-x64

3

dheater-0....EST.in

windows10-2004-x64

3

dheater-0....DME.md

windows7-x64

3

dheater-0....DME.md

windows10-2004-x64

3

dheater-0....25.pem

windows7-x64

3

dheater-0....25.pem

windows10-2004-x64

3

dheater-0....48.pem

windows7-x64

3

dheater-0....48.pem

windows10-2004-x64

3

dheater-0....75.pem

windows7-x64

3

dheater-0....75.pem

windows10-2004-x64

3

dheater-0....72.pem

windows7-x64

3

dheater-0....72.pem

windows10-2004-x64

3

dheater-0....25.pem

windows7-x64

3

dheater-0....25.pem

windows10-2004-x64

3

dheater-0....96.pem

windows7-x64

3

dheater-0....96.pem

windows10-2004-x64

3

Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    12/07/2024, 15:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    dheater-0.4.3/data/dhparam-ffdhe-2048.pem

  • Size

    424B

  • MD5

    4328d5f118ce830b50784cc5a8a07ea9

  • SHA1

    3f835203a7e6699a7d022f838b4b7bc5718385d9

  • SHA256

    9ba6429597aeed2d8617a7705b56e96d044f64b07971659382e426675105654b

  • SHA512

    d701f16489970432057280130dcd11f7d623daa0f76cc78f7b74bb487706e6b5a013e410e29d7ba5b951b46dfbc661ff13ae90363f8cb4209b27d2eee339a7a2

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\dheater-0.4.3\data\dhparam-ffdhe-2048.pem
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:548
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\dheater-0.4.3\data\dhparam-ffdhe-2048.pem
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2876
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\dheater-0.4.3\data\dhparam-ffdhe-2048.pem"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2756

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
    Filesize

    3KB

    MD5

    9652514e0a3f2571787c18499bafbc0b

    SHA1

    d1dee6df75f3413e191fc2294be133070b91d768

    SHA256

    5aab0cceb418a75af8bcadccdd89b781ef4507c65b0056ff2ad4ed4ba342b6be

    SHA512

    dfdda3deda373b2a4e305cb3ffa4c5d5344db9a077ac17a49f5f3327ffb876e9296206f840b6929348469697d5ced5dd47fbda0d9f5e786a759f3b545a20bfa1

    Download Submit