Analysis

  • max time kernel
    102s
  • max time network
    17s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    09-08-2024 12:03

General

  • Target

    chrome_100_percent.pak

  • Size

    150KB

  • MD5

    b1bccf31fa5710207026d373edd96161

  • SHA1

    ae7bb0c083aea838df1d78d61b54fb76c9a1182e

  • SHA256

    49aff5690cb9b0f54f831351aa0f64416ba180a0c4891a859fa7294e81e9c8e3

  • SHA512

    134a13ad86f8bd20a1d2350236269fd39c306389a600556a82025d5e0d5adaab0709d59e9b7ee96e8e2d25b6df49fefea27cdccefe5fba9687abf92a9a941d91

  • SSDEEP

    3072:AzwJCGIekwENgMBsFAXg6VKdL2o418Gb0+VRLf0ld0GY3cQ3ERVm2I:Azw1IekmMBdQXK18Gb0OV8ld0GecQ3Ey

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\chrome_100_percent.pak
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1508
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\chrome_100_percent.pak
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2292
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\chrome_100_percent.pak"
        3⤵
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2720

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

    Filesize

    3KB

    MD5

    cb619c78c875f509e23459dbc617cffa

    SHA1

    7f189f7003a24d88982dc8dd114cedff883e0540

    SHA256

    4ed5957bdc761ae1211f7d6f9a26ca04fc587a048e9ee804a3fd751496e6f5bb

    SHA512

    33e605cb05e0d0ef52f7a3eded33f218551eb5913711cbbd854b7b71386c9c046e5107f0e9c5370aac812b3c8a2843c22004083f1be1642344ec068bd8240ef7