Overview

overview

10

Static

static

10

TOTAL.zip

windows7-x64

1

TOTAL.zip

windows10-2004-x64

1

CR9CK/CR9CK.exe

windows7-x64

10

CR9CK/CR9CK.exe

windows10-2004-x64

10

CR9CK/CR9CK.pdb

windows7-x64

3

CR9CK/CR9CK.pdb

windows10-2004-x64

3

CR9CK/prog...xe.xml

windows7-x64

1

CR9CK/prog...xe.xml

windows10-2004-x64

1

Analysis

  • max time kernel
    122s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    20-07-2024 14:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    CR9CK/CR9CK.pdb

  • Size

    955KB

  • MD5

    1d4b71a9d5b1d0c2354567f6a24abe14

  • SHA1

    3e8dc08d03b65473d088fb31b770c00fb504d506

  • SHA256

    a843fcdc6a84e7aca0c679b2a4d4d1e39a3c69cd94cfae4e3ebe7d10564bfca8

  • SHA512

    74e9dcee57650a5dd109235a39d208e03bc6ef8795e53d4b7fac9605c897f22570f5067d2a0bf4280dc3a07a4b848653e24369fea855907da9ccab6b84f537fa

  • SSDEEP

    6144:jtul3tZQCwOXckPOAR2CsfGcVknfqyZsAj51jDz6svLYtgpCIAVq3L5V6rsT2Fhv:H+OAsy7D9vLYGCK3L50o9vC0

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\CR9CK\CR9CK.pdb
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3016
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\CR9CK\CR9CK.pdb
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2340
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\CR9CK\CR9CK.pdb"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2840

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
    Filesize

    3KB

    MD5

    6c8bd233be0c94b73154356e8bd04177

    SHA1

    ee580c5101c36456e89a4f9fe143f064f4ead141

    SHA256

    5bb5cbf15d1c14313796677147915f816c6d2d5a6a47c90db1016701a2bb7fe5

    SHA512

    0368390b4233b7502dba06ff5d5aa60eeb1b458da3d0aa4e4782d39976af2be0f8a95c98766671ef14875b6aaf2eb5b78bea054ae7f4021e077b72d5cae5c088

    Download Submit