Overview

overview

3

Static

static

1

s.rar

windows7-x64

3

s.rar

windows10-2004-x64

3

Analysis

  • max time kernel
    147s
  • max time network
    129s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/08/2024, 19:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    s.rar

  • Size

    44KB

  • MD5

    46e78c4bba51b9cca7b2f88d6f7a4397

  • SHA1

    8f92a7e64cd600b5793c23b8bf02890366bc6aa1

  • SHA256

    d729e14ae2c92513a1a8218e43446cd054d0e6cb903017f64956f8a4963d3a9c

  • SHA512

    793434c5b86b7851c99160a1e289a903ece78b5807aec96162cdf8bf8966c23303eaabffebb905d5d1c463521c7e975f61f788be9e52c25109003129686efd68

  • SSDEEP

    768:uwSnPEMnyZlohkmzy7L9rILaeSYWLmz1xpib+HSYD++d2pU0Bdb1:uwSPTnqlkzy/RI2Yz4yHSYa+d2pUK

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 2 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  • Suspicious use of FindShellTrayWindow 8 IoCs
  • Suspicious use of SendNotifyMessage 7 IoCs
  • Suspicious use of SetWindowsHookEx 20 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\s.rar
    1⤵
    • Modifies registry class
    PID:516
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4776
    • C:\Program Files\VideoLAN\VLC\vlc.exe
      "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\s.rar"
      2⤵
      • Suspicious behavior: AddClipboardFormatListener
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      PID:3764

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3764-6-0x00007FFFE51A0000-0x00007FFFE51D4000-memory.dmp

    Filesize

    208KB

    Download

  • memory/3764-5-0x00007FF651F70000-0x00007FF652068000-memory.dmp

    Filesize

    992KB

    Download

  • memory/3764-9-0x00007FFFDD650000-0x00007FFFDD667000-memory.dmp

    Filesize

    92KB

    Download

  • memory/3764-13-0x00007FFFD7460000-0x00007FFFD747D000-memory.dmp

    Filesize

    116KB

    Download

  • memory/3764-12-0x00007FFFD7C30000-0x00007FFFD7C41000-memory.dmp

    Filesize

    68KB

    Download

  • memory/3764-11-0x00007FFFD8780000-0x00007FFFD8797000-memory.dmp

    Filesize

    92KB

    Download

  • memory/3764-14-0x00007FFFD7440000-0x00007FFFD7451000-memory.dmp

    Filesize

    68KB

    Download

  • memory/3764-10-0x00007FFFD87A0000-0x00007FFFD87B1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/3764-7-0x00007FFFD5D30000-0x00007FFFD5FE6000-memory.dmp

    Filesize

    2.7MB

    Download

  • memory/3764-8-0x00007FFFE56A0000-0x00007FFFE56B8000-memory.dmp

    Filesize

    96KB

    Download

  • memory/3764-15-0x00007FFFD7230000-0x00007FFFD743B000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3764-23-0x00007FFFD4270000-0x00007FFFD4281000-memory.dmp

    Filesize

    68KB

    Download

  • memory/3764-22-0x00007FFFE5A10000-0x00007FFFE5A21000-memory.dmp

    Filesize

    68KB

    Download

  • memory/3764-21-0x00007FFFE95F0000-0x00007FFFE9601000-memory.dmp

    Filesize

    68KB

    Download

  • memory/3764-20-0x00007FFFE9610000-0x00007FFFE9621000-memory.dmp

    Filesize

    68KB

    Download

  • memory/3764-19-0x00007FFFE9630000-0x00007FFFE9648000-memory.dmp

    Filesize

    96KB

    Download

  • memory/3764-18-0x00007FFFE9650000-0x00007FFFE9671000-memory.dmp

    Filesize

    132KB

    Download

  • memory/3764-17-0x00007FFFE9730000-0x00007FFFE9771000-memory.dmp

    Filesize

    260KB

    Download

  • memory/3764-16-0x00007FFFD4C80000-0x00007FFFD5D30000-memory.dmp

    Filesize

    16.7MB

    Download

  • memory/3764-35-0x00007FFFD4C80000-0x00007FFFD5D30000-memory.dmp

    Filesize

    16.7MB

    Download