Overview

overview

3

Static

static

1

My_Maps.rbxm

windows11-21h2-x64

3

Analysis

  • max time kernel
    38s
  • max time network
    39s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240802-en
  • resource tags

    arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    26/08/2024, 08:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    My_Maps.rbxm

  • Size

    2.1MB

  • MD5

    6841eaa595ae86d2ccee1bf62dfea002

  • SHA1

    6926affd92b04af165ac4aa74321127a266427a0

  • SHA256

    36ca2a153e91697b572825cc743899c1a412f14dfba721d340a0d5d509509792

  • SHA512

    7ef2281e4c8b13c7075843b06a884d83e6271159e800e47906a30c1ef41b2a0ec3f89dd240b18ca286d91997ac7ad246ec159ee5dac461a7fdff9c6186962e8c

  • SSDEEP

    49152:XRZmy8K2343qV624vKOMNq4qG2IC00VM87Z:BZmykIaV62SeIMk0mx

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 2 IoCs
  • Suspicious behavior: AddClipboardFormatListener 2 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 29 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\My_Maps.rbxm
    1⤵
    • Modifies registry class
    PID:1696
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4204
    • C:\Program Files\Microsoft Office\root\Office16\Winword.exe
      "C:\Program Files\Microsoft Office\root\Office16\Winword.exe" /n "C:\Users\Admin\AppData\Local\Temp\My_Maps.rbxm"
      2⤵
      • Checks processor information in registry
      • Enumerates system info in registry
      • Suspicious behavior: AddClipboardFormatListener
      • Suspicious use of SetWindowsHookEx
      PID:4680

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4680-2-0x00007FFAD0530000-0x00007FFAD0540000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4680-1-0x00007FFAD0530000-0x00007FFAD0540000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4680-0-0x00007FFAD0530000-0x00007FFAD0540000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4680-3-0x00007FFAD0530000-0x00007FFAD0540000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4680-4-0x00007FFAD0530000-0x00007FFAD0540000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4680-5-0x00007FFACDE00000-0x00007FFACDE10000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4680-6-0x00007FFACDE00000-0x00007FFACDE10000-memory.dmp

    Filesize

    64KB

    Download