Overview

overview

3

Static

static

1

TokLom.rar

windows11-21h2-x64

3

Analysis

  • max time kernel
    35s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240802-en
  • resource tags

    arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    14/09/2024, 11:37

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    TokLom.rar

  • Size

    11KB

  • MD5

    895f642ef590da8573c0e304f6ce6177

  • SHA1

    ad39a7680fec2fb72aa5ca6ec4be13b9483d5b5f

  • SHA256

    131bb7dad777b8f4c3857c10c3c6669a1eb936357fa205dbe0fff63c39265870

  • SHA512

    3f87727fccec5bf018b0318dc2659ee5e76212ba776b123d28a57e18fa27e2456ff57ae2f5baadf443bdf1fe9f96d94cf5641e135be847cc83521c0195914491

  • SSDEEP

    192:YAfrPEwz3zmwzMMILit6QG5KB7Tm/Q18UqZ8EVcxwOwe2OkwMS6recPCqfTigzQV:BP73bzoitdBvaaacQwDM9rRTJU

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies registry class 3 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 15 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of FindShellTrayWindow 44 IoCs
  • Suspicious use of SendNotifyMessage 43 IoCs
  • Suspicious use of SetWindowsHookEx 30 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\TokLom.rar
    1⤵
    • Modifies registry class
    PID:2432
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3616
    • C:\Program Files\VideoLAN\VLC\vlc.exe
      "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\TokLom.rar"
      2⤵
      • Suspicious behavior: AddClipboardFormatListener
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      PID:3340
  • C:\Windows\system32\taskmgr.exe
    "C:\Windows\system32\taskmgr.exe" /0
    1⤵
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:4324
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
      PID:3128

    Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • memory/3340-33-0x00007FF9FA0C0000-0x00007FF9FA0DB000-memory.dmp

            Filesize

            108KB

            Download

          • memory/3340-40-0x00007FF9F57D0000-0x00007FF9F5827000-memory.dmp

            Filesize

            348KB

            Download

          • memory/3340-15-0x00007FF724D60000-0x00007FF724E58000-memory.dmp

            Filesize

            992KB

            Download

          • memory/3340-19-0x00007FFA00320000-0x00007FFA00337000-memory.dmp

            Filesize

            92KB

            Download

          • memory/3340-18-0x00007FFA00460000-0x00007FFA00478000-memory.dmp

            Filesize

            96KB

            Download

          • memory/3340-36-0x00007FF9FA050000-0x00007FF9FA080000-memory.dmp

            Filesize

            192KB

            Download

          • memory/3340-27-0x00007FF9FA310000-0x00007FF9FA351000-memory.dmp

            Filesize

            260KB

            Download

          • memory/3340-28-0x00007FF9FA540000-0x00007FF9FA561000-memory.dmp

            Filesize

            132KB

            Download

          • memory/3340-29-0x00007FF9FA4B0000-0x00007FF9FA4C8000-memory.dmp

            Filesize

            96KB

            Download

          • memory/3340-39-0x00007FF9F95C0000-0x00007FF9F95D1000-memory.dmp

            Filesize

            68KB

            Download

          • memory/3340-16-0x00007FF9FAE80000-0x00007FF9FAEB4000-memory.dmp

            Filesize

            208KB

            Download

          • memory/3340-20-0x00007FF9FED70000-0x00007FF9FED81000-memory.dmp

            Filesize

            68KB

            Download

          • memory/3340-24-0x00007FF9FA570000-0x00007FF9FA581000-memory.dmp

            Filesize

            68KB

            Download

          • memory/3340-23-0x00007FF9FA590000-0x00007FF9FA5AD000-memory.dmp

            Filesize

            116KB

            Download

          • memory/3340-25-0x00007FF9E94F0000-0x00007FF9E96FB000-memory.dmp

            Filesize

            2.0MB

            Download

          • memory/3340-22-0x00007FF9FA5B0000-0x00007FF9FA5C1000-memory.dmp

            Filesize

            68KB

            Download

          • memory/3340-21-0x00007FF9FB2D0000-0x00007FF9FB2E7000-memory.dmp

            Filesize

            92KB

            Download

          • memory/3340-17-0x00007FF9FA5D0000-0x00007FF9FA886000-memory.dmp

            Filesize

            2.7MB

            Download

          • memory/3340-30-0x00007FF9FA120000-0x00007FF9FA131000-memory.dmp

            Filesize

            68KB

            Download

          • memory/3340-35-0x00007FF9FA080000-0x00007FF9FA098000-memory.dmp

            Filesize

            96KB

            Download

          • memory/3340-31-0x00007FF9FA100000-0x00007FF9FA111000-memory.dmp

            Filesize

            68KB

            Download

          • memory/3340-38-0x00007FF9EF4D0000-0x00007FF9EF54C000-memory.dmp

            Filesize

            496KB

            Download

          • memory/3340-26-0x00007FF9E8050000-0x00007FF9E9100000-memory.dmp

            Filesize

            16.7MB

            Download

          • memory/3340-41-0x00007FF9E7E90000-0x00007FF9E804A000-memory.dmp

            Filesize

            1.7MB

            Download

          • memory/3340-37-0x00007FF9F9FE0000-0x00007FF9FA047000-memory.dmp

            Filesize

            412KB

            Download

          • memory/3340-42-0x00000171D0CF0000-0x00000171D255F000-memory.dmp

            Filesize

            24.4MB

            Download

          • memory/3340-34-0x00007FF9FA0A0000-0x00007FF9FA0B1000-memory.dmp

            Filesize

            68KB

            Download

          • memory/3340-32-0x00007FF9FA0E0000-0x00007FF9FA0F1000-memory.dmp

            Filesize

            68KB

            Download

          • memory/4324-2-0x0000026B90EF0000-0x0000026B90EF1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/4324-9-0x0000026B90EF0000-0x0000026B90EF1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/4324-4-0x0000026B90EF0000-0x0000026B90EF1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/4324-10-0x0000026B90EF0000-0x0000026B90EF1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/4324-11-0x0000026B90EF0000-0x0000026B90EF1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/4324-12-0x0000026B90EF0000-0x0000026B90EF1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/4324-13-0x0000026B90EF0000-0x0000026B90EF1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/4324-14-0x0000026B90EF0000-0x0000026B90EF1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/4324-8-0x0000026B90EF0000-0x0000026B90EF1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/4324-3-0x0000026B90EF0000-0x0000026B90EF1000-memory.dmp

            Filesize

            4KB

            Download