Analysis

  • max time kernel
    119s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64 arch:x86 image:win7-20240903-en locale:en-us os:windows7-x64 system
  • submitted
    17-09-2024 14:20

General

  • Target

    chrome_200_percent.pak

  • Size

    312KB

  • MD5

    6af049ad6fd11ee90ad9db31c4e02082

  • SHA1

    5d2f9a59a74dc584b5dd78aeb6de583e969e3eb7

  • SHA256

    edecf8e1ac353bfdae534e42507e5a59973cb4cab76fbb1ff1a470363e725bc4

  • SHA512

    c7fa6e1a57861e62b9b4d615a988c98d13cde8abc23eaed7c36c2ecb86409da4b65b1f579ca2f307e90eb4d08d14b07f7f41ccb8d8c165d6de67c09c16009715

  • SSDEEP

    6144:KDQYaR+9b2nEz73QYV85u/oFYvwoytKi6obByPGlPFYKKo+:PfIyAg5u/oFFpxLlFYb

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\chrome_200_percent.pak
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2164
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\chrome_200_percent.pak
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2752
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\chrome_200_percent.pak"
        3⤵
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2744

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

    Filesize

    3KB

    MD5

    d970df034c7a004e4ff33ac8f3bd5f36

    SHA1

    12690d939a7688ee877a1ebae2cf5c08557b71b3

    SHA256

    82cc9b24b527f9ca00d59f744f684b50f443876c6af46915dee008bbdbbc5478

    SHA512

    e808164aed3098949f4185c0bfa8afb4c401d49a1589797536b8f60fde270b1435922be0d0e0c5262fe21bb1df23ea64fb735743b24eb9ba9d33accd5e92b71b
