Analysis

  • max time kernel
    122s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
  • submitted
    16-07-2024 07:19

General

  • Target

    SpeQ Mathematics/examples/complex numbers.spq

  • Size

    1KB

  • MD5

    72c502e9e1a822d8defd47c80856c4ac

  • SHA1

    f8e63ec76d9d399c0434a0f7273f119b06f5a5ee

  • SHA256

    392c6585cb599cefeae50eeadd02c95db93feab66abbca50c5f7a926b302f5f9

  • SHA512

    494b3a1597cb734e13de6df440610fad921345ba6ef65070687445efe6dfb334e770f399c48c31a3f50e99ecdecaf189adcb7fae58c7b5c9f1a12608ca74a450

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\SpeQ Mathematics\examples\complex numbers.spq"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2064
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\SpeQ Mathematics\examples\complex numbers.spq
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2956
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\SpeQ Mathematics\examples\complex numbers.spq"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2816

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

    Filesize

    3KB

    MD5

    1932220dae009482fa9163e27080966c

    SHA1

    3a56b0c255f7e6c32ca13fcd69e83c2ddcaee97d

    SHA256

    2ab4a0344864fe3f6d03a87840c9d7e6e232fd03691a9a581150256cd4e38454

    SHA512

    5d12653598d47f13ec9c78f0e26bd89a98a262afeedd92dde54cb34fcdc3e26b011dea647e6a03bfde8a2f61f37218059000a30df2524ff462f543a25c160261