Analysis

  • max time kernel
    117s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    18-09-2024 09:09

General

  • Target

    $PROGRAMFILES/staalarbejders/Telefonbger.knu

  • Size

    52KB

  • MD5

    5044e84bc1ae30a8ab16fc6211ceb5ff

  • SHA1

    0668bfbb7c58a9b787ab2a1e174d99db070dcd7a

  • SHA256

    a5e07e1ed61b4a6b6378610f6c8c5a46c61f713d1bb041aeba18ee044056b5a6

  • SHA512

    2a757b88c4794712db072966366b1122fe19317a20986f543b14fb5fcc956faa83e5079f71057a2cf7a591abd1897799e0d90b5bab21be5f28878607596e164e

  • SSDEEP

    1536:YCuvtDh6dKLvRFfRW65RfIPZ9on8MPbqpR:YCuNh6GvXJlQXAqpR

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\$PROGRAMFILES\staalarbejders\Telefonbger.knu
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2736
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\$PROGRAMFILES\staalarbejders\Telefonbger.knu
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2724
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\$PROGRAMFILES\staalarbejders\Telefonbger.knu"
        3⤵
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2520

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

    Filesize

    3KB

    MD5

    0276ce3b10a14c2a702b554fc43e4425

    SHA1

    8d40d68a980a11c95e76ccb03ee5ae19ea7c9173

    SHA256

    0a4a00531f0b45beddcedc4f930dd5b371bbd4ca7b4f0e2998bcdc08f290e107

    SHA512

    fba9ea16f7c7e62476e053568a1751dcf12e146f644c6f37ecd64b22d80ca39eaeee4f170cd7432af5a1ba272f32149969ea3f21d3588dad16c291862d1f90a7