Analysis

  • max time kernel
    120s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    05-09-2024 12:37

General

  • Target

    b894980cf8646ca7c9e1ca281d9251fe5d0589654fd6867653755c44e486083c.unknown

  • Size

    24KB

  • MD5

    c87f55966d5c7521f65bab509a3920b4

  • SHA1

    63186c1769ad957771d300ec31b2bb3e74c6117f

  • SHA256

    b894980cf8646ca7c9e1ca281d9251fe5d0589654fd6867653755c44e486083c

  • SHA512

    36a96b3c96a750622c8c215ec1f1bddb7e2ebdf7fdc3b370d05d49beb31f27447c3fe208fe6d91b1a1d7647aa28f251b7985b53d29a7201ff26f4b7791832ab2

  • SSDEEP

    192:r8oK3rcd5kM7ffi4UMF1pkOvpF3EiRcx+NSzfxmrmE76tNY2pCumJ0pQrXVjavmc:gGekfnVxVNOmrmEu3YcrmSpC1c

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\b894980cf8646ca7c9e1ca281d9251fe5d0589654fd6867653755c44e486083c.unknown
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2520
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\b894980cf8646ca7c9e1ca281d9251fe5d0589654fd6867653755c44e486083c.unknown
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2692
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\b894980cf8646ca7c9e1ca281d9251fe5d0589654fd6867653755c44e486083c.unknown"
        3⤵
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2852

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

    Filesize

    3KB

    MD5

    9623d38c382867906c59d1729bf615bb

    SHA1

    b2da09a27a33e7f228af0946b3ce644a5a80b698

    SHA256

    2ee933c45e2c3d38f0b9d5d5a0f2b92ae5f2ee9cc67d388dee592200d85e7a97

    SHA512

    12c10c5318db84d5129c2e9ee856ab1647666d5915b3928f16bb0c21722566ac2754c92a4f18d082a2716cab74792932ddebf5cec7d59c59def1424c048723a7