Analysis

  • max time kernel
    130s
  • max time network
    137s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-es
  • resource tags

    arch:x64arch:x86image:win10-20240404-eslocale:es-esos:windows10-1703-x64systemwindows
  • submitted
    07/08/2024, 08:19

General

  • Target

    locales/tr.pak

  • Size

    465KB

  • MD5

    0aedf5c2f6f4f49074a2adea454df4c9

  • SHA1

    a48d9d8461e61170257897766dbd6906e754a0c3

  • SHA256

    3f4658b3811b36f5cad794e48e6507335abfe78b0bfa0c80d1ef9c5d7bb410d0

  • SHA512

    e359e446330fc154c16e34a7335174f372bce701faf85de8a5f4b432ce3e10c69f42c93b7182deac89bb4d29750d0dd525b6dcd74a5b7bd724f544d14ba44a79

  • SSDEEP

    6144:FQ9HSLQl2q4qRv75az4lTxJXZvqcf4Sd9Ipksge7545/R+Ei1OCvdhAMTwiBK+66:F4SEl2q4qzaklVBhIpV545/g

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\locales\tr.pak
    1⤵
    • Modifies registry class
    PID:2880
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:5028

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads