Analysis

  • max time kernel
    102s
  • max time network
    17s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240729-en, locale:en-us, os:windows7-x64, system
  • submitted
    01/09/2024, 14:03

General

  • Target

    Vedani-Crypter-Lifetime-Activated-vedani-crypter/README.md

  • Size

    518B

  • MD5

    1ef1b10772beddb317d01e565c007e0d

  • SHA1

    b8f8e66a806b5cb57a125730c70eb3da2dc0f543

  • SHA256

    09c769ec0ce7a58f798994e447c7a5164fcf6be2bed1041d9c0ea5817a7d7ced

  • SHA512

    4cf56ccbe6a15bde7653ccc6be1d17621448c9ebb22c3f909509262704900e07a960843174f5d8299ebb2e0d137955df68fd79b6889fc75e15dee0c7863aa3ef

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\Vedani-Crypter-Lifetime-Activated-vedani-crypter\README.md
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2524
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Vedani-Crypter-Lifetime-Activated-vedani-crypter\README.md
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2804
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Vedani-Crypter-Lifetime-Activated-vedani-crypter\README.md"
        3⤵
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2848

Network

MITRE ATT&CK Enterprise v15
Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
    Filesize: 3KB
    MD5: 55f1bd13968ac150caea5975c178dd3f
    SHA1: 90aa80ddbc55aeb3ea32e0ef9d03d88b91964a00
    SHA256: 997d8454b0e2a4fa4832d99b8a07dc6e3380114621ca614f2125cc5254bd9466
    SHA512: c84a31c392fc1379cc053b0c90fa3afa4d94771243390c9fd3e1e4da0ad726c57276fafa6d8ea09ea999420fc398f6734d99c8b51bddf5b18003b8a6febe4ae0