Overview

overview

9

Static

static

7

unl.rar

windows7-x64

3

unl.rar

windows10-2004-x64

3

unl/Spotify.cfg

windows7-x64

3

unl/Spotify.cfg

windows10-2004-x64

3

unl/blobs/a.ini

windows7-x64

1

unl/blobs/a.ini

windows10-2004-x64

1

unl/blobs/b.ini

windows7-x64

1

unl/blobs/b.ini

windows10-2004-x64

1

unl/unl_cracked.exe

windows7-x64

9

unl/unl_cracked.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    117s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    14-08-2024 01:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    unl/Spotify.cfg

  • Size

    51B

  • MD5

    a31638f636f3cff044f77338c8a850ab

  • SHA1

    ca46698adb72410d35bb56989a369880e503756f

  • SHA256

    357a0410620a468d333a5235ec424a3bbc8b330ba16968f381e1c8ffa89dff39

  • SHA512

    aafd96f0fda67c76d1cef2ed8ade0717baec758a99e6e110c62c79ae215a5dd1e90c7624adaecd9a68153c94b7ef69e7cc09e1a879ad4568d08b0170e6b66f85

Score
3/10
discovery

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\unl\Spotify.cfg
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2336
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\unl\Spotify.cfg
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2952
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\unl\Spotify.cfg"
        3⤵
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2828

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
    Filesize

    3KB

    MD5

    12beacc714606138189bc3ef6e279985

    SHA1

    5f326786be34f3a23a7e0df7d0d2389edab596cb

    SHA256

    ae106741bccea36d7e1e5a41fb4732588fae16f22ce37f9abd892e6c08609917

    SHA512

    6d8e8e5b638b1d612de3f72ed192cd996f9ab61751e2219399f8366e6bdcca3cef7de23dc4a06a6f107976f9b8838e3abde43823040cdd2dd020b8009dac7396

    Download Submit