Resubmissions

06-08-2024 11:22

240806-ng2vrs1hkf 10

06-08-2024 10:55

240806-m1enxaxdmk 7

06-08-2024 10:51

240806-mxymls1eje 3

06-08-2024 10:49

240806-mw4r8sxcnj 10

Analysis

  • max time kernel
    84s
  • max time network
    56s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    06-08-2024 10:51

General

  • Target

    ✪➳S͜͡eTuP✔!!・2025・!!P͜A@s$w0rD~KEY!#~.rar

  • Size

    8.5MB

  • MD5

    4842923543c235197601ce5edc83151f

  • SHA1

    0cf299e2c90094aff18a9953dfb6f4b10a4de397

  • SHA256

    761e8398a24d05d612b20c4dc7519b1f15835ea393534a5d230c14eecc93bc83

  • SHA512

    95c31450d070b7d1e26753ae0337490971c3992b84fd5ab304e279f7be06b2c37be27108174c055abb83283528f15cc73ada193e64a68bf84f4bf7717d7764f7

  • SSDEEP

    196608:KXMwoXXUMMuabSO9PlXD1s7f8bsCvOsU2mldGpKnWsXGOt:7wYvO99Xh42sCHml9WOt

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
  • Modifies registry class 2 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 10 IoCs
  • Suspicious use of SendNotifyMessage 8 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\✪➳S͜͡eTuP✔!!・2025・!!P͜A@s$w0rD~KEY!#~.rar
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1880
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\✪➳S͜͡eTuP✔!!・2025・!!P͜A@s$w0rD~KEY!#~.rar
      2⤵
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of WriteProcessMemory
      PID:2108
      • C:\Windows\system32\rundll32.exe
        "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\✪➳S͜͡eTuP✔!!・2025・!!P͜A@s$w0rD~KEY!#~.rar
        3⤵
        • Modifies registry class
        • Suspicious use of WriteProcessMemory
        PID:2716
        • C:\Program Files\VideoLAN\VLC\vlc.exe
          "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\✪➳S͜͡eTuP✔!!・2025・!!P͜A@s$w0rD~KEY!#~.rar"
          4⤵
          • Suspicious behavior: AddClipboardFormatListener
          • Suspicious behavior: GetForegroundWindowSpam
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SendNotifyMessage
          • Suspicious use of SetWindowsHookEx
          PID:2636
  • C:\Windows\explorer.exe
    "C:\Windows\explorer.exe"
    1⤵
      PID:1896
    • C:\Windows\helppane.exe
      C:\Windows\helppane.exe -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      PID:2116

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2636-37-0x000007FEFAE20000-0x000007FEFAE54000-memory.dmp

      Filesize

      208KB

    • memory/2636-36-0x000000013F7A0000-0x000000013F898000-memory.dmp

      Filesize

      992KB

    • memory/2636-38-0x000007FEF64F0000-0x000007FEF67A6000-memory.dmp

      Filesize

      2.7MB

    • memory/2636-39-0x000007FEF4A40000-0x000007FEF5AF0000-memory.dmp

      Filesize

      16.7MB