Analysis

  • max time kernel
    103s
  • max time network
    19s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    12/09/2024, 09:23

General

  • Target

    rosearch-chrome/manifest.json

  • Size

    416B

  • MD5

    b3e9678189250aeb163e5aa5e5ab0167

  • SHA1

    4f4e814a398534223c68ddafe32c610dd68a2415

  • SHA256

    09bcdc4d7a505c02d42efb28274ae38925204cb00f97ab0564f766f24236e6e0

  • SHA512

    d4a66e9610ee423e42f762413f906abec35548725dafe20e5a6939f3a549475a8ece53a4ecc25017ed04c29dc20dac4861608944fc41b0d5468f090cf6e9b5ea

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\rosearch-chrome\manifest.json
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2260
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\rosearch-chrome\manifest.json
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2792
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\rosearch-chrome\manifest.json"
        3⤵
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2712

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

    Filesize

    3KB

    MD5

    540ef66b920f9b76fe6b84ba371a47e3

    SHA1

    e8e9945cc91c13b8a1716e6c2a2d5cdf351c2496

    SHA256

    359174b573ebd21d4a2d5a0871093a53c56ba596bfba79794ddf8ebdb58d7f78

    SHA512

    34669420a8fc7f2f810816e0d0ff878b863a8790ae5ec700736e2013159aacee937160888093787c5af0de571526c73e581bb58de856da9803ced19425755cac