Resubmissions

07-08-2024 12:20

240807-ph2rtsyejj 10

Analysis

  • max time kernel
    91s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    07-08-2024 12:20

General

  • Target

    $APPDATA/TotalAV/updates/SAVAPI 8.0.1/aelidb.dat

  • Size

    86KB

  • MD5

    e12b4507919ef2d5b5f2b5332f7c2bb1

  • SHA1

    4dd0c1870754a4052f9de5f09f69df3f7bae4b3d

  • SHA256

    ca5bb2f6c93eccc1ef5a2b2aae25b4976a2ce320a52d13d74f12b65205678e53

  • SHA512

    74a2e05077726ab00a810325d6be729c001f290977c9e4e3d81d3f4fe4398317698510a0bf5d5014625e5c740f11dc10cf004cac343cd1e4d8ab82908a0376ad

  • SSDEEP

    1536:FO4WQ7zW+Du+XTe8+bv2OMtIW82iH5ytCHyfiaHBzPTZZXB8jirkm1l:1NzXDFjvM25o2iHMWMzPZ0ib

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\$APPDATA\TotalAV\updates\SAVAPI 8.0.1\aelidb.dat"
    • Modifies registry class
    PID:2280
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3232

Network

MITRE ATT&CK Enterprise v15
