Overview

overview

6

Static

static

6

whatsapp_P...rg.apk

windows7-x64

3

Resubmissions

15-09-2024 13:05

240915-qbk16swaqk 10

11-08-2024 03:45

240811-ebk6dstdrq 6

10-08-2024 18:57

240810-xlxahssgrj 10

Analysis

  • max time kernel
    0s
  • max time network
    3s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    11-08-2024 03:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    whatsapp_Plus_17.85_whatsapplus.org.apk

  • Size

    114.8MB

  • MD5

    56ccacc70ccc328698edc296e183e9c8

  • SHA1

    5c9bfdd00ae326c766611ed26770a1fd4acff73a

  • SHA256

    329ccadb1f5a9027f7c85061cb5d2137343749f585120ce339e437ef2ccd18f9

  • SHA512

    accbf2510ff0eb3dada21a001c5fc1eb8f66e9583ee270745eecfc9262d6adf120de38ec6feecd1ac188cdcb52babf8d54803ab9464729585d16f1f49a1666b6

  • SSDEEP

    1572864:df3YFq69wcVm6+i5AEhKr+4QDuUaJRKfyMuK0aPKIUsqGM7UgolqKWG40rAIZBS/:dvYFHnKbEQWsGXuK0EHMJGWp0fZMd1

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\whatsapp_Plus_17.85_whatsapplus.org.apk
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2236
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\whatsapp_Plus_17.85_whatsapplus.org.apk
      2⤵
      • Modifies registry class
      PID:2736

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads