59d0d595dec18db09db65df7c1b3cae6627a0721d82bde81b260fff86844717e

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
16-07-2024 07:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SpeQ Mathematics/examples/defining units.spq
Size

1KB
MD5

ca28f8c344c767fbbe70bd18ffb6c097
SHA1

cbad1782296b7b0de6a9d4546c654876b2c0b7bb
SHA256

d95ca279df6cd4e0afe283a2bd33c3febdd5f40e2a67be8ecb52f260c1f816c9
SHA512

621bcd1f7956bcfc7805e086a7603322d0829d51287d71d67e635ca0090461750150866bf578412c78b895fcad19573d21cd02c9f20b8a916c99c9eca8537782

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 9 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000_CLASSES\spq_auto_file	rundll32.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000_CLASSES\spq_auto_file\shell	rundll32.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000_CLASSES\.spq	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000_CLASSES\.spq\ = "spq_auto_file"	rundll32.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000_CLASSES\spq_auto_file\shell\Read	rundll32.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000_CLASSES\spq_auto_file\shell\Read\command	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000_CLASSES\spq_auto_file\shell\Read\command\ = "\"C:\\Program Files (x86)\\Adobe\\Reader 9.0\\Reader\\AcroRd32.exe\" \"%1\""	rundll32.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000_Classes\Local Settings	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000_CLASSES\spq_auto_file\	rundll32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2244	AcroRd32.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2244	AcroRd32.exe
2244	AcroRd32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1512 wrote to memory of 2016	1512	cmd.exe	31
PID 1512 wrote to memory of 2016	1512	cmd.exe	31
PID 1512 wrote to memory of 2016	1512	cmd.exe	31
PID 2016 wrote to memory of 2244	2016	rundll32.exe	32
PID 2016 wrote to memory of 2244	2016	rundll32.exe	32
PID 2016 wrote to memory of 2244	2016	rundll32.exe	32
PID 2016 wrote to memory of 2244	2016	rundll32.exe	32

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\SpeQ Mathematics\examples\defining units.spq"
1⤵
- Suspicious use of WriteProcessMemory
PID:1512
- C:\Windows\system32\rundll32.exe
  "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\SpeQ Mathematics\examples\defining units.spq
  2⤵
  - Modifies registry class
  - Suspicious use of WriteProcessMemory
  PID:2016
- - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
    "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\SpeQ Mathematics\examples\defining units.spq"
    3⤵
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of SetWindowsHookEx
    PID:2244

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
b5eb843d82f760cd3faa11e85b623a15

SHA1
70c060262c67dcdf56b172ab241de2eb5382d1d0

SHA256
fb766098933d27cd94bf02e299a323ba77ae6b47fe9627fb49946afd2e458c49

SHA512
bd35abd9698a4aef2bb659719e46d6f28f1c29b0dcc86d6e57d3b29d7e6af8a7348e4fe4d177c789fd88c74d7d5f680af775c63116a4014df283b2c9f4da324f

Download Submit