Overview
overview
10Static
static
4d9f0268cba...5f.iso
windows7-x64
3d9f0268cba...5f.iso
windows10-2004-x64
3out.iso
windows7-x64
1out.iso
windows10-2004-x64
1PANDUAN_PE...AS.lnk
windows7-x64
10PANDUAN_PE...AS.lnk
windows10-2004-x64
10PANDUAN_PE...AS.pdf
windows7-x64
3PANDUAN_PE...AS.pdf
windows10-2004-x64
3PANDUAN_PE...AS.ps1
windows7-x64
10PANDUAN_PE...AS.ps1
windows10-2004-x64
10controller.exe
windows7-x64
10controller.exe
windows10-2004-x64
10Analysis
-
max time kernel
112s -
max time network
166s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system -
submitted
07-09-2024 10:22
Behavioral task
behavioral1
Sample
d9f0268cbaa1ae45dfa755adab9dda2d8bdff3c8bf8a00d23bbc6894c28e225f.iso
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
d9f0268cbaa1ae45dfa755adab9dda2d8bdff3c8bf8a00d23bbc6894c28e225f.iso
Resource
win10v2004-20240802-en
Behavioral task
behavioral3
Sample
out.iso
Resource
win7-20240903-en
Behavioral task
behavioral4
Sample
out.iso
Resource
win10v2004-20240802-en
Behavioral task
behavioral5
Sample
PANDUAN_PENGGUNA_MyKHAS.lnk
Resource
win7-20240729-en
Behavioral task
behavioral6
Sample
PANDUAN_PENGGUNA_MyKHAS.lnk
Resource
win10v2004-20240802-en
Behavioral task
behavioral7
Sample
PANDUAN_PENGGUNA_MyKHAS.pdf
Resource
win7-20240903-en
Behavioral task
behavioral8
Sample
PANDUAN_PENGGUNA_MyKHAS.pdf
Resource
win10v2004-20240802-en
Behavioral task
behavioral9
Sample
PANDUAN_PENGGUNA_MyKHAS.ps1
Resource
win7-20240903-en
Behavioral task
behavioral10
Sample
PANDUAN_PENGGUNA_MyKHAS.ps1
Resource
win10v2004-20240802-en
Behavioral task
behavioral11
Sample
controller.exe
Resource
win7-20240903-en
Behavioral task
behavioral12
Sample
controller.exe
Resource
win10v2004-20240802-en
General
-
Target
d9f0268cbaa1ae45dfa755adab9dda2d8bdff3c8bf8a00d23bbc6894c28e225f.iso
-
Size
301.3MB
-
MD5
f3e410928fecf68cec98236d1bf0598d
-
SHA1
ca8e7f70b35fe202eba3cb7b52cc5967eca32d47
-
SHA256
d9f0268cbaa1ae45dfa755adab9dda2d8bdff3c8bf8a00d23bbc6894c28e225f
-
SHA512
413f7fe44bab520764a54514730226492231b648542e98aeb0d2e38eb3adf4fb9c4d811e1a8965194fe02d2f724c499119891121a9c38acad4b3ded6989f9f7a
-
SSDEEP
6291456:btfHLnhapc6UQ5cBe4raaM7N+2i35r6pLOfEL44i:pfdapc6FEWk5rei8L43
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 1 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings cmd.exe -
Suspicious use of AdjustPrivilegeToken 2 IoCs
description pid Process Token: SeManageVolumePrivilege 388 cmd.exe Token: SeManageVolumePrivilege 388 cmd.exe