Analysis

  • max time kernel
    144s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    06-09-2024 16:20

General

  • Target
    BootstrapperV1.13.rar
  • Size
    79KB
  • MD5
    88e52f784ad35aff3b37046d8fc152a5
  • SHA1
    d86313ca8a39d844f767d0f70de4bb68b8e2bb04
  • SHA256
    683532c9ddccd09aac6480c255099963803eac956ea1d5597c772ff13a8a7a31
  • SHA512
    82b9aae88dd61416e011f29d092201b0609c0e5d25126343062b548240e585ad1dcd01cbc73fbe0056becf3b060716cb56d35bba1080c441eb01e4c0b173d1c3
  • SSDEEP
    1536:mpcWhrJks7JCizXkmQQU6eGMgBBXv+RPk5xH9griGKmhBGXzs9Xau:qX7JCiLMBbyvY8CC40js9N

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 2 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 8 IoCs
  • Suspicious use of SendNotifyMessage 7 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\BootstrapperV1.13.rar
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:316
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\BootstrapperV1.13.rar
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2136
      • C:\Windows\system32\rundll32.exe
        "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\BootstrapperV1.13.rar
        3⤵
        • Modifies registry class
        • Suspicious use of WriteProcessMemory
        PID:2748
        • C:\Program Files\VideoLAN\VLC\vlc.exe
          "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\BootstrapperV1.13.rar"
          4⤵
          • Suspicious behavior: AddClipboardFormatListener
          • Suspicious behavior: GetForegroundWindowSpam
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SendNotifyMessage
          • Suspicious use of SetWindowsHookEx
          PID:3032

Network

MITRE ATT&CK Enterprise v15

Downloads

  • memory/3032-30-0x000007FEFB7D0000-0x000007FEFB804000-memory.dmp (Filesize: 208KB)
  • memory/3032-29-0x000000013FF60000-0x0000000140058000-memory.dmp (Filesize: 992KB)
  • memory/3032-33-0x000007FEFB790000-0x000007FEFB7A7000-memory.dmp (Filesize: 92KB)
  • memory/3032-34-0x000007FEFB770000-0x000007FEFB781000-memory.dmp (Filesize: 68KB)
  • memory/3032-35-0x000007FEFB750000-0x000007FEFB767000-memory.dmp (Filesize: 92KB)
  • memory/3032-32-0x000007FEFB7B0000-0x000007FEFB7C8000-memory.dmp (Filesize: 96KB)
  • memory/3032-36-0x000007FEF6BF0000-0x000007FEF6C01000-memory.dmp (Filesize: 68KB)
  • memory/3032-38-0x000007FEF6950000-0x000007FEF6961000-memory.dmp (Filesize: 68KB)
  • memory/3032-37-0x000007FEF6BD0000-0x000007FEF6BED000-memory.dmp (Filesize: 116KB)
  • memory/3032-31-0x000007FEF63F0000-0x000007FEF66A6000-memory.dmp (Filesize: 2.7MB)
  • memory/3032-43-0x000007FEF4EA0000-0x000007FEF4EB8000-memory.dmp (Filesize: 96KB)
  • memory/3032-57-0x000007FEF4BC0000-0x000007FEF4BD8000-memory.dmp (Filesize: 96KB)
  • memory/3032-62-0x000007FEF2280000-0x000007FEF2297000-memory.dmp (Filesize: 92KB)
  • memory/3032-61-0x000007FEF22A0000-0x000007FEF2420000-memory.dmp (Filesize: 1.5MB)
  • memory/3032-60-0x000007FEF4B50000-0x000007FEF4B62000-memory.dmp (Filesize: 72KB)
  • memory/3032-59-0x000007FEF4B70000-0x000007FEF4B81000-memory.dmp (Filesize: 68KB)
  • memory/3032-58-0x000007FEF4B90000-0x000007FEF4BB3000-memory.dmp (Filesize: 140KB)
  • memory/3032-56-0x000007FEF4BE0000-0x000007FEF4C04000-memory.dmp (Filesize: 144KB)
  • memory/3032-55-0x000007FEF4C10000-0x000007FEF4C38000-memory.dmp (Filesize: 160KB)
  • memory/3032-54-0x000007FEF4C40000-0x000007FEF4C97000-memory.dmp (Filesize: 348KB)
  • memory/3032-53-0x000007FEF4CA0000-0x000007FEF4CB1000-memory.dmp (Filesize: 68KB)
  • memory/3032-52-0x000007FEF4CC0000-0x000007FEF4D3C000-memory.dmp (Filesize: 496KB)
  • memory/3032-51-0x000007FEF4D40000-0x000007FEF4DA7000-memory.dmp (Filesize: 412KB)
  • memory/3032-50-0x000007FEF4DB0000-0x000007FEF4DE0000-memory.dmp (Filesize: 192KB)
  • memory/3032-49-0x000007FEF4DE0000-0x000007FEF4DF8000-memory.dmp (Filesize: 96KB)
  • memory/3032-48-0x000007FEF4E00000-0x000007FEF4E11000-memory.dmp (Filesize: 68KB)
  • memory/3032-47-0x000007FEF4E20000-0x000007FEF4E3B000-memory.dmp (Filesize: 108KB)
  • memory/3032-46-0x000007FEF4E40000-0x000007FEF4E51000-memory.dmp (Filesize: 68KB)
  • memory/3032-45-0x000007FEF4E60000-0x000007FEF4E71000-memory.dmp (Filesize: 68KB)
  • memory/3032-44-0x000007FEF4E80000-0x000007FEF4E91000-memory.dmp (Filesize: 68KB)
  • memory/3032-41-0x000007FEF6900000-0x000007FEF6941000-memory.dmp (Filesize: 260KB)
  • memory/3032-40-0x000007FEF4EF0000-0x000007FEF50FB000-memory.dmp (Filesize: 2.0MB)
  • memory/3032-42-0x000007FEF4EC0000-0x000007FEF4EE1000-memory.dmp (Filesize: 132KB)
  • memory/3032-39-0x000007FEF5100000-0x000007FEF61B0000-memory.dmp (Filesize: 16.7MB)