Resubmissions

09-10-2024 05:24

241009-f3r9fsxalc 10

27-08-2024 18:18

240827-wxnbbathme 10

Analysis

  • max time kernel
    53s
  • max time network
    19s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    27-08-2024 18:18

General

  • Target

    dump.dex

  • Size

    526KB

  • MD5

    e288b4389026a4be2fe8c2d44c4234c8

  • SHA1

    e8eab7478f924492b48b070de2a473fa72ab2ead

  • SHA256

    0dc1451e270547123ac13878079c693adb06589fb606240c03611ade225c4295

  • SHA512

    db8a318d398c8ce14c7a30a1a013ed691415146fcce38593cb84b0ee27326f6972b349f8a1da693f26930c24254af8eb6b4a7ccb7f1c723247bcf7d34c195675

  • SSDEEP

    6144:rZlm/E8mKHplMFtMc/RBPtQGJcNEkvzS/zmtTpNOZdjfrf+igvpv//G2WMQFPfL0:1lm8/yS/zg7ILgvp3/G2WMqbgThF

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies registry class 9 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\dump.dex
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2296
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\dump.dex
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2856
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\dump.dex"
        3⤵
        • System Location Discovery: System Language Discovery
        • Suspicious use of SetWindowsHookEx
        PID:2104

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

    Filesize

    3KB

    MD5

    6fea1635cd0be70c0ecc5642693ac239

    SHA1

    07af5ad7b044ee70c4da7ba78bf1311698ac2d12

    SHA256

    dc6617a89fb0785b950b01d222f47fdf5a451c1fa8ef599f99448352d77a502c

    SHA512

    a07baeea31630cb21a86cda59ff348c4d87ea65f6b95f3409615341cbef0d8a89dbf93c8e00bb6d5c627b7e55b300512d3f49143adb47c08051282d569b6c6c2