Analysis

  • max time kernel
    106s
  • max time network
    145s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64
    arch:x86
    image:win10v2004-20240802-en
    locale:en-us
    os:windows10-2004-x64
    system
  • submitted
    03/09/2024, 13:34

General

  • Target

    $PLUGINSDIR/app-64.7z

  • Size

    76.0MB

  • MD5

    27553a121fe3f20fa5f6acb2188194ec

  • SHA1

    9bf6c3f68ece5a0d8fd61652462a8bb46a41e521

  • SHA256

    b8a041027d7f90eb6ed91df36b742f3caacd0fc0687d0b968eb3342f8d8e8e12

  • SHA512

    27de4001c09217d966766967fef68f1b02c361d4a8933785ec25b536ade36dc2841c27bcdd736913887efb8348d7352258f3d9cf266a42006aa7854e29c67507

  • SSDEEP

    1572864:drziNx5qbJJaoTl9ncU8gKEiPYlkJHo7XiCgo2ck7fT56UaO5UpLVqRij:4x5qbbtTlFdKlYSsXiCgHt6U1upzj

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app-64.7z
    1⤵
    • Modifies registry class
    PID:3792
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4288

Network

MITRE ATT&CK Enterprise v15

Downloads