Analysis
-
max time kernel
121s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240708-en -
resource tags
-
submitted
03-09-2024 01:40
General
-
Target
Fizetési megbízás.rar
-
Size
522KB
-
MD5
ab7cf9a2889148e243dc3acd3429dbd4
-
SHA1
f0da693d8d5bf073fa5765352f59460ee41c7bae
-
SHA256
4298ea880ee6c352e0ca6c25cc7737a5c92ae24d565f1cd5402770f7e6f2faba
-
SHA512
14e8503340208c918fcbf20590ac0de5e7670af674d75531f4acad2aee8989f98b0576030b7b1813b8f2b14018ca8b02c5a759e6bc71d83e77940e7ee9c96397
-
SSDEEP
12288:l0rLRtTNaLFoQrE2VmXuMJCVFzpc+8sDtP5EUkqc+b/iYJ4EjDNMN+k:uxtBa9mX8VDRD9V+i/HNS9
Score
3/10
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 2 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of WriteProcessMemory 6 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\Fizetési megbízás.rar"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Fizetési megbízás.rar2⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Fizetési megbízás.rar3⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
-
-