Overview

overview

10

Static

static

7

gr7e2u08.rar

windows7-x64

3

gr7e2u08.rar

windows10-2004-x64

3

gr7e2u08/D...gs.vbs

windows7-x64

3

gr7e2u08/D...gs.vbs

windows10-2004-x64

1

gr7e2u08/ReadMe.txt

windows7-x64

1

gr7e2u08/ReadMe.txt

windows10-2004-x64

1

gr7e2u08/dControl.exe

windows7-x64

10

gr7e2u08/dControl.exe

windows10-2004-x64

7

out.exe

windows7-x64

out.exe

windows10-2004-x64

gr7e2u08/dControl.ini

windows7-x64

1

gr7e2u08/dControl.ini

windows10-2004-x64

1

Analysis

  • max time kernel
    144s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    14-09-2024 13:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    gr7e2u08.rar

  • Size

    446KB

  • MD5

    4f416671e1045824198b4608b51ab7e4

  • SHA1

    4cb1d59215f53a35e12a99b9ffdea44902fe6c5a

  • SHA256

    28aeaf7ce21b286c84d6462435bfeb60f97a57b875691dde4f2936b6c3f23684

  • SHA512

    e7411a260707dcf13c8b6d0bb83670edc04dd218cf7081e3fbb86d911bfe62214f4791538914cb16eb630a8f0095d8bde59000b9df1fa8accb5f43bf12309862

  • SSDEEP

    12288:kBxEZBLvr5YksjahgoOLWNTmgklG7XlXPdNxCvNLseMzzbMClm:CxE75xFQaN6G7xxClAFU

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 2 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of SendNotifyMessage 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\gr7e2u08.rar
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2160
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\gr7e2u08.rar
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2192
      • C:\Windows\system32\rundll32.exe
        "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\gr7e2u08.rar
        3⤵
        • Modifies registry class
        • Suspicious use of WriteProcessMemory
        PID:3024
        • C:\Program Files\VideoLAN\VLC\vlc.exe
          "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\gr7e2u08.rar"
          4⤵
          • Suspicious behavior: AddClipboardFormatListener
          • Suspicious behavior: GetForegroundWindowSpam
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SendNotifyMessage
          • Suspicious use of SetWindowsHookEx
          PID:1688

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1688-24-0x000000013FD10000-0x000000013FE08000-memory.dmp

    Filesize

    992KB

    Download

  • memory/1688-25-0x000007FEFAA70000-0x000007FEFAAA4000-memory.dmp

    Filesize

    208KB

    Download

  • memory/1688-27-0x000007FEFAA50000-0x000007FEFAA68000-memory.dmp

    Filesize

    96KB

    Download

  • memory/1688-33-0x000007FEF6770000-0x000007FEF6781000-memory.dmp

    Filesize

    68KB

    Download

  • memory/1688-32-0x000007FEF6790000-0x000007FEF67AD000-memory.dmp

    Filesize

    116KB

    Download

  • memory/1688-31-0x000007FEF72E0000-0x000007FEF72F1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/1688-30-0x000007FEFA9F0000-0x000007FEFAA07000-memory.dmp

    Filesize

    92KB

    Download

  • memory/1688-29-0x000007FEFAA10000-0x000007FEFAA21000-memory.dmp

    Filesize

    68KB

    Download

  • memory/1688-28-0x000007FEFAA30000-0x000007FEFAA47000-memory.dmp

    Filesize

    92KB

    Download

  • memory/1688-26-0x000007FEF5B10000-0x000007FEF5DC6000-memory.dmp

    Filesize

    2.7MB

    Download

  • memory/1688-34-0x000007FEF57D0000-0x000007FEF59DB000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/1688-44-0x000007FEF5770000-0x000007FEF5788000-memory.dmp

    Filesize

    96KB

    Download

  • memory/1688-43-0x000007FEF5790000-0x000007FEF57A1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/1688-42-0x000007FEF57B0000-0x000007FEF57CB000-memory.dmp

    Filesize

    108KB

    Download

  • memory/1688-45-0x000007FEF5740000-0x000007FEF5770000-memory.dmp

    Filesize

    192KB

    Download

  • memory/1688-57-0x000007FEF0730000-0x000007FEF0747000-memory.dmp

    Filesize

    92KB

    Download

  • memory/1688-56-0x000007FEF0750000-0x000007FEF08D0000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/1688-55-0x000007FEF54E0000-0x000007FEF54F2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/1688-54-0x000007FEF5500000-0x000007FEF5511000-memory.dmp

    Filesize

    68KB

    Download

  • memory/1688-53-0x000007FEF5520000-0x000007FEF5543000-memory.dmp

    Filesize

    140KB

    Download

  • memory/1688-52-0x000007FEF5550000-0x000007FEF5568000-memory.dmp

    Filesize

    96KB

    Download

  • memory/1688-51-0x000007FEF5570000-0x000007FEF5594000-memory.dmp

    Filesize

    144KB

    Download

  • memory/1688-50-0x000007FEF55A0000-0x000007FEF55C8000-memory.dmp

    Filesize

    160KB

    Download

  • memory/1688-49-0x000007FEF55D0000-0x000007FEF5627000-memory.dmp

    Filesize

    348KB

    Download

  • memory/1688-48-0x000007FEF5630000-0x000007FEF5641000-memory.dmp

    Filesize

    68KB

    Download

  • memory/1688-46-0x000007FEF56D0000-0x000007FEF5737000-memory.dmp

    Filesize

    412KB

    Download

  • memory/1688-35-0x000007FEF4030000-0x000007FEF50E0000-memory.dmp

    Filesize

    16.7MB

    Download

  • memory/1688-47-0x000007FEF5650000-0x000007FEF56CC000-memory.dmp

    Filesize

    496KB

    Download

  • memory/1688-41-0x000007FEF6150000-0x000007FEF6161000-memory.dmp

    Filesize

    68KB

    Download

  • memory/1688-40-0x000007FEF6170000-0x000007FEF6181000-memory.dmp

    Filesize

    68KB

    Download

  • memory/1688-39-0x000007FEF6190000-0x000007FEF61A1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/1688-38-0x000007FEF66D0000-0x000007FEF66E8000-memory.dmp

    Filesize

    96KB

    Download

  • memory/1688-37-0x000007FEF66F0000-0x000007FEF6711000-memory.dmp

    Filesize

    132KB

    Download

  • memory/1688-36-0x000007FEF6720000-0x000007FEF6761000-memory.dmp

    Filesize

    260KB

    Download