Overview

overview

3

Static

static

3

HyperV.7z

windows7-x64

3

HyperV.7z

windows10-2004-x64

3

Analysis

  • max time kernel
    121s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    10/08/2024, 17:02

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    HyperV.7z

  • Size

    86.5MB

  • MD5

    a16957a5934af78008953af4861fef99

  • SHA1

    8fad809497713224fc87253a94083b19d8318806

  • SHA256

    9c7c40cc697cd7809ae493d5eceb372887f9040b32e4fcb7557aa44976894e40

  • SHA512

    318168a0ac9af07f6b951c363fec9e30db82a48367f7cb7617f190555b1486e7eec6ee8304714440806b799067a02cfc0066a843f70e4a7d9a089ac4aa668e95

  • SSDEEP

    1572864:HBYED1er2t37ISNvLG8YyleVRGwraH978gFPuy2mOpYkN15cgOW8Ma1uKkcN5Bll:hYED+2trISjY5VEh78S/2mFkNrcLWlVg

Score
3/10
discovery

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies registry class 2 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 10 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\HyperV.7z
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2080
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\HyperV.7z
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2144
      • C:\Windows\system32\rundll32.exe
        "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\HyperV.7z
        3⤵
        • Modifies registry class
        • Suspicious use of WriteProcessMemory
        PID:2672
        • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
          "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\HyperV.7z"
          4⤵
          • System Location Discovery: System Language Discovery
          • Suspicious use of SetWindowsHookEx
          PID:2528

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
          Filesize

          3KB

          MD5

          1c2083425f21c9f9fe74e1eb047a774c

          SHA1

          39fa57bc041f882c51483d017ca953461da5962a

          SHA256

          5cda3450af4d0f6a593e3cd1eca14b5d95ef86b12e0e5f61cc76540cb923146c

          SHA512

          a07a80d2dccff1501c4453fbfd69ff756d867b230ea6b8b67bb5efcaa1b7f3cb09c94b9a5a00b906156bfe67da7b8c8c95e2b65b9395ed6b8db6f43b2c6d87df

          Download Submit