Overview

overview

10

Static

static

4

TeraBox_sl....1.exe

windows7-x64

10

TeraBox_sl....1.exe

windows10-2004-x64

4

$PLUGINSDI...UI.dll

windows7-x64

3

$PLUGINSDI...UI.dll

windows10-2004-x64

3

$PLUGINSDI...fg.ini

windows7-x64

1

$PLUGINSDI...fg.ini

windows10-2004-x64

1

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...fo.xml

windows7-x64

1

$PLUGINSDI...fo.xml

windows10-2004-x64

1

$PLUGINSDI...sW.dll

windows7-x64

3

$PLUGINSDI...sW.dll

windows10-2004-x64

3

$TEMP/kernel.dll

windows7-x64

1

$TEMP/kernel.dll

windows10-2004-x64

1

AppProperty.xml

windows7-x64

1

AppProperty.xml

windows10-2004-x64

1

AutoUpdate...fo.xml

windows7-x64

1

AutoUpdate...fo.xml

windows10-2004-x64

1

TeraBox.exe

windows7-x64

5

TeraBox.exe

windows10-2004-x64

5

TeraBoxTor...le.ico

windows7-x64

3

TeraBoxTor...le.ico

windows10-2004-x64

3

VersionInfo

windows7-x64

1

VersionInfo

windows10-2004-x64

1

VersionInfo2

windows7-x64

1

VersionInfo2

windows10-2004-x64

1

autobackup.ico

windows7-x64

3

autobackup.ico

windows10-2004-x64

3

browserres/cef.pak

windows7-x64

3

browserres/cef.pak

windows10-2004-x64

3

browserres...nt.pak

windows7-x64

3

browserres...nt.pak

windows10-2004-x64

3

Analysis

  • max time kernel
    120s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    16-07-2024 11:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    browserres/cef.pak

  • Size

    1.9MB

  • MD5

    d1c40362fe2f365dcf4363713727aba9

  • SHA1

    e68372e078bcfb8baba6909ef39e05e6bcaccce4

  • SHA256

    c91bb3bd9431300da48e18f9f4d576b76c5cfbb0749c0d7dbda159fdb99a3edd

  • SHA512

    e179ac734f6dfc961c03a2d617d945abe1ed9fd120a02cd1f408c30d1a0b1a37667e145e302f3f2761a4de6068d4ed8737c97f8e9cf9f77e42d079f94c3e0263

  • SSDEEP

    49152:YZTSD2VMdS8xOt88ZCPbfNIWY1xG0jJbaCUXEWT:RyycRd0PbVHYfG0jJPA5

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\browserres\cef.pak
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3020
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\browserres\cef.pak
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2388
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\browserres\cef.pak"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2916

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
    Filesize

    3KB

    MD5

    cb605654e9004ef779a5dbf5a3b13c31

    SHA1

    49259201716feaa699d5f622e8a8764db2e3f458

    SHA256

    270b4e8e4fd287cf048ae9e9320fe2c64f0f8aa5b470a71f73ed84d6a9de5e4e

    SHA512

    a71d12430479722f5741d5cd63c30be63eefc2a82d080717476eb75cf57a94583c59553eb2a50296ac499aef182246960ccec7606ccf090a7de51e721884912d

    Download Submit