Analysis

max time kernel: 1400s
max time network: 1162s
platform: windows11-21h2_x64
resource: win11-20240802-en
resource tags: arch:x64, arch:x86, image:win11-20240802-en, locale:en-us, os:windows11-21h2-x64, system
submitted: 14-08-2024 22:04

Static task: static1
3 signatures

Behavioral task: behavioral1
Sample: 1f211786b89e8c5d8b10eb0e49ba72749e6946ea1d41c4adbd13f6dd0f2dfae4.apk
Resource: win11-20240802-en
3 signatures
1800 seconds
General

Target: 1f211786b89e8c5d8b10eb0e49ba72749e6946ea1d41c4adbd13f6dd0f2dfae4.apk
Size: 310KB
MD5: e2ac3109a7cf499fade0799bc5e3c2e1
SHA1: d70a296c80e238dbb52ff56e03fe51c7428f35a8
SHA256: 1f211786b89e8c5d8b10eb0e49ba72749e6946ea1d41c4adbd13f6dd0f2dfae4
SHA512: e59774cf2c364cef1c46a99b3d20b5554fc4b6ceaccce87769112faf77e0d407397ac74cf04331572cd46b808d72606e6a030985dabb30076576102815f68ed3
SSDEEP: 6144:gnJP1nNBYyLCBOXPJWVeBCY7a2aWeLJ8g2rQBuH6Rg06a6NUTrZ7/EuGO:ONBYFO/IS3pabQrQDg036NqZrn/

Score: 3/10
Malware Config

Signatures

- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).

- Modifies registry class (2 IoCs)
  Processes: cmd.exe, OpenWith.exe
  description: Key created; ioc: \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings; process: cmd.exe
  description: Key created; ioc: \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings; process: OpenWith.exe

- Suspicious use of SetWindowsHookEx (1 IoCs)
  Processes: OpenWith.exe
  pid: 2016; process: OpenWith.exe
Processes

- C:\Windows\system32\cmd.exe
  Command line: cmd /c C:\Users\Admin\AppData\Local\Temp\1f211786b89e8c5d8b10eb0e49ba72749e6946ea1d41c4adbd13f6dd0f2dfae4.apk
  - Modifies registry class
  PID: 444

- C:\Windows\system32\OpenWith.exe
  Command line: C:\Windows\system32\OpenWith.exe -Embedding
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID: 2016