Analysis

  • max time kernel
    122s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    25-07-2024 22:32

General

  • Target

    寫真1.apk

  • Size

    4.7MB

  • MD5

    bc88f76beff9169c6fc8ad480898955d

  • SHA1

    84409b5f5d72723df251919c83f5b0606a78709b

  • SHA256

    ddf161b7fc14ed81ec9cc0ff9622940597389fa3a93dc498b5666814be87f80f

  • SHA512

    8e16e5bdd6f2be788b26e4b173261db478196baacaa5974f20679f226912cc3eb797212cb2196984b4db8897e4e72b4b13268c59fc1fb97237ee6305c8d627b9

  • SSDEEP

    98304:xemzvzBlTEz0tNyNVF6LnjGKifLPI0n+vuSLnVe+rRv:3zfE8oF6LnCKifLPx+GcRF

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\寫真1.apk
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1640
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\寫真1.apk
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2716
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\寫真1.apk"
        3⤵
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2476

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

    Filesize

    3KB

    MD5

    57c04fae1fded8c4d45a462297bc63cb

    SHA1

    dca9dfe61bfa7092e64735ccd071d00a734591f8

    SHA256

    7270d075a0552900cc142325bc903a0d2c3f89b44bcf9cd1562373a16ceabdb2

    SHA512

    ad5bffd705a933b692b606369b24805fbe45506c28ad8c348793dae1cb9dd4b6bad36d0834d1fdc675f0a84fdfa2de544f1aa0de9e9b9bf913464e80b5c8893d