Overview

overview

3

Static

static

1

astro pass 1.rar

windows7-x64

3

astro pass 1.rar

windows10-2004-x64

3

password 1.txt

windows7-x64

1

password 1.txt

windows10-2004-x64

1

пароль 1.txt

windows7-x64

1

пароль 1.txt

windows10-2004-x64

1

Analysis

  • max time kernel
    143s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    18-09-2024 11:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    astro pass 1.rar

  • Size

    12.4MB

  • MD5

    dfb5a5ef9fe9d09ae521fec5e2f54ecf

  • SHA1

    689ea335575a8312d6091eb99f5afa3f4bc01880

  • SHA256

    baa33659646ea9a4d713d5046233a631587a399099cfc45a55439332e1675de1

  • SHA512

    319fce64195387e1fda76e35febf8c246fa3d0da36e8fd64145bd8b50dbc9e28ff200d71e776edf0cd5fdfc13930fbf82d1b407ea08e3dcd647b4f1fdda0c768

  • SSDEEP

    393216:p2Qomebw7KckTX47nWgUdrKPKQrt2SBoRVIWSUE+ehBiNPfdUQXvKV:sQopkKcg47WgoBQrtnORVI3UE+e8pv2

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 2 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 27 IoCs
  • Suspicious use of SendNotifyMessage 26 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\astro pass 1.rar"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2248
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\astro pass 1.rar
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2080
      • C:\Windows\system32\rundll32.exe
        "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\astro pass 1.rar
        3⤵
        • Modifies registry class
        • Suspicious use of WriteProcessMemory
        PID:2264
        • C:\Program Files\VideoLAN\VLC\vlc.exe
          "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\astro pass 1.rar"
          4⤵
          • Suspicious behavior: AddClipboardFormatListener
          • Suspicious behavior: GetForegroundWindowSpam
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SendNotifyMessage
          • Suspicious use of SetWindowsHookEx
          PID:2600

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini
    Filesize

    92B

    MD5

    1665a1f58eea70425af5b552b235b4da

    SHA1

    4084f4f06826955d9d13e64eb2bd944356ef9271

    SHA256

    f34346d35f8ba29cfcc9313beb949a583a8c0fe4b846cb8b1c8570cff19fe146

    SHA512

    219da6be4c0eeb6a5603abee62b4c63a5714662a3d7216253ce0ce910460b818dbaa23aacfc01b121ca23ddb967ebbc3741ff4a7eefcbd9f3265e581d47693c6

    Download Submit

  • memory/2600-46-0x000007FEF6B80000-0x000007FEF6B91000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2600-37-0x000007FEF7740000-0x000007FEF775D000-memory.dmp

    Filesize

    116KB

    Download

  • memory/2600-33-0x000007FEFAE40000-0x000007FEFAE57000-memory.dmp

    Filesize

    92KB

    Download

  • memory/2600-47-0x000007FEF6B60000-0x000007FEF6B7B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/2600-35-0x000007FEFAE00000-0x000007FEFAE17000-memory.dmp

    Filesize

    92KB

    Download

  • memory/2600-31-0x000007FEF5EE0000-0x000007FEF6196000-memory.dmp

    Filesize

    2.7MB

    Download

  • memory/2600-36-0x000007FEF79B0000-0x000007FEF79C1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2600-48-0x000007FEF6B40000-0x000007FEF6B51000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2600-38-0x000007FEF7720000-0x000007FEF7731000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2600-39-0x000007FEF5BA0000-0x000007FEF5DAB000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2600-42-0x000007FEF6C00000-0x000007FEF6C21000-memory.dmp

    Filesize

    132KB

    Download

  • memory/2600-43-0x000007FEF6BE0000-0x000007FEF6BF8000-memory.dmp

    Filesize

    96KB

    Download

  • memory/2600-44-0x000007FEF6BC0000-0x000007FEF6BD1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2600-49-0x000007FEF6700000-0x000007FEF6718000-memory.dmp

    Filesize

    96KB

    Download

  • memory/2600-45-0x000007FEF6BA0000-0x000007FEF6BB1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2600-30-0x000007FEFAE80000-0x000007FEFAEB4000-memory.dmp

    Filesize

    208KB

    Download

  • memory/2600-34-0x000007FEFAE20000-0x000007FEFAE31000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2600-32-0x000007FEFAE60000-0x000007FEFAE78000-memory.dmp

    Filesize

    96KB

    Download

  • memory/2600-41-0x000007FEF76D0000-0x000007FEF7711000-memory.dmp

    Filesize

    260KB

    Download

  • memory/2600-50-0x000007FEF5B70000-0x000007FEF5BA0000-memory.dmp

    Filesize

    192KB

    Download

  • memory/2600-51-0x000007FEF5B00000-0x000007FEF5B67000-memory.dmp

    Filesize

    412KB

    Download

  • memory/2600-52-0x000007FEF5A80000-0x000007FEF5AFC000-memory.dmp

    Filesize

    496KB

    Download

  • memory/2600-53-0x000007FEF66E0000-0x000007FEF66F1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2600-56-0x000007FEF59C0000-0x000007FEF59E4000-memory.dmp

    Filesize

    144KB

    Download

  • memory/2600-55-0x000007FEF59F0000-0x000007FEF5A18000-memory.dmp

    Filesize

    160KB

    Download

  • memory/2600-58-0x000007FEF5990000-0x000007FEF59B3000-memory.dmp

    Filesize

    140KB

    Download

  • memory/2600-59-0x000007FEF5970000-0x000007FEF5981000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2600-57-0x000007FEF6510000-0x000007FEF6528000-memory.dmp

    Filesize

    96KB

    Download

  • memory/2600-54-0x000007FEF5A20000-0x000007FEF5A77000-memory.dmp

    Filesize

    348KB

    Download

  • memory/2600-60-0x000007FEF5950000-0x000007FEF5962000-memory.dmp

    Filesize

    72KB

    Download

  • memory/2600-61-0x000007FEF1F10000-0x000007FEF1F27000-memory.dmp

    Filesize

    92KB

    Download

  • memory/2600-40-0x000007FEF44D0000-0x000007FEF5580000-memory.dmp

    Filesize

    16.7MB

    Download

  • memory/2600-29-0x000000013F140000-0x000000013F238000-memory.dmp

    Filesize

    992KB

    Download