Analysis

- max time kernel: 16s
- max time network: 19s
- platform: windows7_x64
- resource: win7-20240729-en
- resource tags: arch:x64, arch:x86, image:win7-20240729-en, locale:en-us, os:windows7-x64, system
- submitted: 15-08-2024 09:26
Behavioral tasks

Task          Sample                 Resource
behavioral1   0.exe.zip              win7-20240704-en
behavioral2   0.exe.zip              win10v2004-20240802-en
behavioral3   0.exe                  win7-20240708-en
behavioral4   0.exe                  win10v2004-20240802-en
behavioral5   .data                  win7-20240708-en
behavioral6   .data                  win10v2004-20240802-en
behavioral7   .rdata                 win7-20240708-en
behavioral8   .rdata                 win10v2004-20240802-en
behavioral9   .reloc                 win7-20240729-en
behavioral10  .reloc                 win10v2004-20240802-en
behavioral11  .rsrc/BITMAP/103.bmp   win7-20240704-en
behavioral12  .rsrc/BITMAP/103.bmp   win10v2004-20240802-en
behavioral13  .rsrc/MANIFEST/1.xml   win7-20240704-en
behavioral14  .rsrc/MANIFEST/1.xml   win10v2004-20240802-en
behavioral15  .rsrc/MENU/102         win7-20240705-en
behavioral16  .rsrc/MENU/102         win10v2004-20240802-en
behavioral17  .rsrc/version.txt      win7-20240704-en
behavioral18  .rsrc/version.txt      win10v2004-20240802-en
behavioral19  .text                  win7-20240729-en
behavioral20  .text                  win10v2004-20240802-en
General

- Target: .text
- Size: 43KB
- MD5: c717527fa73d21059748cc178628dc37
- SHA1: 37d7d49838f59db650b4fdd55f43b90be59446f2
- SHA256: e6a8a41d1a128d0bb578187db7544c427941c9a4eac07ba83b69111a190a5631
- SHA512: 7771013e2493b5ed5b1e2016d55b3f55ebc362f45aac559cdccbad70f4f7cd4e2212a5ef6f8d5762ecde0244c2ff86eb65e53a2d3662b692066f27cfcc3eba06
- SSDEEP: 768:Ve+5tLcz6AVenNCdVKT/o+ySREAkGcMZ1h6GHHLVfMW/QP4:VTtLcWyeYd4//yEZc1GJf7/QP4
Malware Config
Signatures
- Enumerates physical storage devices (1 TTP): attempts to interact with connected storage/optical drive(s).
- Modifies registry class (12 IoCs)
  Process: rundll32.exe for every entry. Paths are relative to
  \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000_CLASSES
  Key created      text_auto_file\shell\edit
  Set value (str)  text_auto_file\shell\edit\command\ = "%SystemRoot%\\system32\\NOTEPAD.EXE %1"
  Key created      text_auto_file\shell\open\command
  Key created      .text
  Key created      text_auto_file
  Set value (str)  text_auto_file\
  Set value (str)  .text\ = "text_auto_file"
  Key created      text_auto_file\shell
  Key created      text_auto_file\shell\edit\command
  Key created      text_auto_file\shell\open
  Set value (str)  text_auto_file\shell\open\command\ = "%SystemRoot%\\system32\\NOTEPAD.EXE %1"
  Key created      Local Settings  (under the same hive, printed as ..._Classes)
- Suspicious use of WriteProcessMemory (6 IoCs)
  PID 2212 cmd.exe wrote to memory of PID 2828 rundll32.exe (3 events)
  PID 2828 rundll32.exe wrote to memory of PID 2720 NOTEPAD.EXE (3 events)
Processes

- C:\Windows\system32\cmd.exe (PID 2212)
  cmd /c C:\Users\Admin\AppData\Local\Temp\.text
  Signatures: Suspicious use of WriteProcessMemory
  - C:\Windows\system32\rundll32.exe (PID 2828)
    "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\.text
    Signatures: Modifies registry class, Suspicious use of WriteProcessMemory
    - C:\Windows\system32\NOTEPAD.EXE (PID 2720)
      "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\.text
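The three process launches and the twelve registry writes above are the trace of a single event. `cmd /c` on a file whose extension (`.text`) has no registered handler brings up the Windows "Open With" dialog, which shell32.dll implements as `OpenAs_RunDLL` hosted in rundll32.exe. When the sandbox automation picks Notepad, the dialog registers `.text` -> `text_auto_file` with `shell\open\command` and `shell\edit\command` pointing at NOTEPAD.EXE, and Notepad then opens the file. The "Modifies registry class" hits are therefore the sandbox's own file-association choice, not behaviour of the sample, which is a raw PE section and not executable on its own. The Python below is an added triage helper, not part of this report or of the sandbox: it parses the IoC lines into structured events, rebuilds the extension-to-handler chain and flags any registration whose handler sits outside the Windows or Program Files trees. The trusted-location rule and the second, contrasting IoC set (a handler in the user's Temp directory) are constructed assumptions for illustration.

```python
"""Added triage helper: parse 'Modifies registry class' IoC lines from a sandbox
report and check whether they match what the 'Open With' dialog (OpenAs_RunDLL) writes."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Assumed policy: a handler chosen via 'Open With' normally lives under these roots ...
SYSTEM_ROOTS = ("%systemroot%", "%windir%", "c:\\windows", "%programfiles%", "c:\\program files")
# ... and never inside a user-writable tree.
USER_WRITABLE = ("\\users\\", "\\temp\\", "\\appdata\\", "\\programdata\\")

@dataclass
class RegEvent:
    action: str           # "Key created" or "Set value"
    path: str             # registry path as printed by the sandbox
    value: Optional[str]  # data of a Set value line, else None
    process: str          # process that performed the write

def parse_ioc_line(line: str) -> RegEvent:
    """Parse '<action> <path> [= "<data>"] <process>' as printed in the report."""
    rest, process = line.rstrip().rsplit(None, 1)
    for prefix, action in (("Key created ", "Key created"), ("Set value (str) ", "Set value")):
        if rest.startswith(prefix):
            rest = rest[len(prefix):]
            break
    else:
        raise ValueError(f"unrecognised IoC line: {line!r}")
    value = None
    if ' = "' in rest:               # only Set value lines carry data
        rest, value = rest.split(' = "', 1)
        value = value.rstrip('"')
    return RegEvent(action, rest.rstrip("\\"), value, process)

def classes_relative(path: str) -> str:
    # Drop the '\REGISTRY\USER\<SID>_CLASSES\' prefix (case differs between lines).
    m = re.search(r"_classes\\", path, re.IGNORECASE)
    return path[m.end():] if m else path

def handler_exe(command: str) -> str:
    """Program path from shell\\<verb>\\command data (outer quotes already removed)."""
    cmd = command.replace("\\\\", "\\").strip()
    if cmd.startswith('"'):          # "C:\path with spaces\x.exe" %1
        return cmd[1:].split('"', 1)[0]
    return cmd.split(" %1", 1)[0]    # %SystemRoot%\system32\NOTEPAD.EXE %1

def is_trusted_location(exe: str) -> bool:
    p = exe.lower()
    return p.startswith(SYSTEM_ROOTS) and not any(u in p for u in USER_WRITABLE)

def classify_associations(events: List[RegEvent]) -> List[dict]:
    """Rebuild ext -> ProgID -> {verb: handler} and judge each registration."""
    ext_to_progid: Dict[str, str] = {}
    handlers: Dict[str, Dict[str, str]] = {}
    for ev in events:
        if ev.action != "Set value" or ev.value is None:
            continue
        parts = classes_relative(ev.path).split("\\")
        if len(parts) == 1 and parts[0].startswith("."):          # .text = progid
            ext_to_progid[parts[0].lower()] = ev.value
        elif len(parts) == 4 and parts[1].lower() == "shell" and parts[3].lower() == "command":
            handlers.setdefault(parts[0], {})[parts[2].lower()] = handler_exe(ev.value)
    findings = []
    for ext, progid in ext_to_progid.items():
        verbs = handlers.get(progid, {})
        openas_shape = progid.lower() == ext[1:] + "_auto_file"   # <ext>_auto_file is the OpenAs naming
        untrusted = [exe for exe in verbs.values() if not is_trusted_location(exe)]
        verdict = "benign-openas" if openas_shape and verbs and not untrusted else "review"
        findings.append({"ext": ext, "progid": progid, "handlers": verbs, "verdict": verdict})
    return findings

def triage(ioc_text: str) -> List[dict]:
    return classify_associations([parse_ioc_line(l) for l in ioc_text.splitlines() if l.strip()])

CLS = r"\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000_CLASSES"
NOTEPAD = r'"%SystemRoot%\\system32\\NOTEPAD.EXE %1"'
# The twelve IoC lines from the report above, in the order printed.
REPORT_IOCS = "\n".join([
    "Key created " + CLS + r"\text_auto_file\shell\edit rundll32.exe",
    "Set value (str) " + CLS + r"\text_auto_file\shell\edit\command\ = " + NOTEPAD + " rundll32.exe",
    "Key created " + CLS + r"\text_auto_file\shell\open\command rundll32.exe",
    "Key created " + CLS + r"\.text rundll32.exe",
    "Key created " + CLS + r"\text_auto_file rundll32.exe",
    "Set value (str) " + CLS + r"\text_auto_file\ rundll32.exe",
    "Set value (str) " + CLS + r'\.text\ = "text_auto_file" rundll32.exe',
    "Key created " + CLS + r"\text_auto_file\shell rundll32.exe",
    "Key created " + CLS + r"\text_auto_file\shell\edit\command rundll32.exe",
    "Key created " + CLS + r"\text_auto_file\shell\open rundll32.exe",
    "Set value (str) " + CLS + r"\text_auto_file\shell\open\command\ = " + NOTEPAD + " rundll32.exe",
    "Key created " + CLS.replace("_CLASSES", "_Classes") + r"\Local Settings rundll32.exe",
])
# Constructed contrast case (not from the report): same key shape, handler in the user's Temp dir.
CONSTRUCTED_HIJACK = "\n".join([
    "Set value (str) " + CLS + r'\.text\ = "text_auto_file" rundll32.exe',
    "Set value (str) " + CLS + r'\text_auto_file\shell\open\command\ = "C:\Users\Admin\AppData\Local\Temp\upd.exe %1" rundll32.exe',
])

if __name__ == "__main__":
    for f in triage(REPORT_IOCS) + triage(CONSTRUCTED_HIJACK):
        print(f["ext"], "->", f["progid"], f["handlers"], f["verdict"])
```

Run stand-alone it prints one `benign-openas` finding for the report's lines (`.text` -> `text_auto_file`, both verbs pointing at `%SystemRoot%\system32\NOTEPAD.EXE`) and one `review` finding for the constructed set. The same parser can be pointed at the IoC list of any report that triggers this signature; the only thing to adjust is the assumed trusted-location policy.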