a8a33f6ec9f119dce68b9764baca7eac229be08bc888b661f26f2d2e31e9f2ba

Analysis

max time kernel
15s
max time network
17s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
31-08-2024 14:40

Target

ElectronV3.rar
Size

11.0MB
MD5

8af03091e9f91f37561e20d7447e024e
SHA1

23a63441238796a4927a85180f6d1bac048dbb5f
SHA256

a8a33f6ec9f119dce68b9764baca7eac229be08bc888b661f26f2d2e31e9f2ba
SHA512

b8e78ea6f1951272a10599010875869a1994099550ff4d202ca4ce51ea1340da97ca76412fdc01788d1035dfa21e3a44f41eb3cfb8fb635865d6f3d3005bfe1e
SSDEEP

196608:QRXuZC/qgGcwMMiICKxP7lwhNY2BjfwTgXe931UfyHBAv1IhP4rais7xs6nzpl4t:MXiC/JGFM3vMzlp2BjfsIyH2YPRise/t

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000_Classes\Local Settings	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2236 wrote to memory of 2760	2236	cmd.exe	31
PID 2236 wrote to memory of 2760	2236	cmd.exe	31
PID 2236 wrote to memory of 2760	2236	cmd.exe	31

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\ElectronV3.rar
1⤵
- Suspicious use of WriteProcessMemory
PID:2236
- C:\Windows\system32\rundll32.exe
  "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\ElectronV3.rar
  2⤵
  - Modifies registry class
  PID:2760

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact