Overview

overview

3

Static

static

1

1b61acffdf...824.sh

windows7-x64

3

1b61acffdf...824.sh

windows10-2004-x64

3

Analysis

  • max time kernel
    16s
  • max time network
    19s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    15-07-2024 10:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1b61acffdf26ead57b4269c0aada42c7f9087e528a2cb4ce92b7dd8a030a2824.sh

  • Size

    1KB

  • MD5

    67b94a2577b0dd66953276f455328da2

  • SHA1

    41727f4b97d34f332758e08734cbfefb2e9523a5

  • SHA256

    1b61acffdf26ead57b4269c0aada42c7f9087e528a2cb4ce92b7dd8a030a2824

  • SHA512

    e09a524f1f576d1d612a94d42eba1c795c1b1634d5a77852d6007d1d9ba05fb60191dd4f7f899d58f8d12f00c42253bebf54ae09f4a06131f83e86f4f2b8e45f

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\1b61acffdf26ead57b4269c0aada42c7f9087e528a2cb4ce92b7dd8a030a2824.sh
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2296
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\1b61acffdf26ead57b4269c0aada42c7f9087e528a2cb4ce92b7dd8a030a2824.sh
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2848
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\1b61acffdf26ead57b4269c0aada42c7f9087e528a2cb4ce92b7dd8a030a2824.sh"
        3⤵
        • Suspicious use of SetWindowsHookEx
        PID:1700

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
    Filesize

    3KB

    MD5

    3f36e625d80c318517e9ca198a7ff0c6

    SHA1

    5443aaa5ba87910e396248dad6efd8dcbfc9195c

    SHA256

    6ea39f0915d16b9ebe1d870a1b3a446b819e8aad48371b7d16b3f3b9a431801f

    SHA512

    e4348d554effcb1afeeb3d9c431b472a3a0604933882902995c6feca3ebdb23ee996721c4785dd370346f0db9a68910aeec41f3b6ee579043f175c479cda4194

    Download Submit