Analysis
-
max time kernel
93s -
max time network
138s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
18-09-2024 11:10
General
-
Target
astro pass 1.rar
-
Size
12.4MB
-
MD5
dfb5a5ef9fe9d09ae521fec5e2f54ecf
-
SHA1
689ea335575a8312d6091eb99f5afa3f4bc01880
-
SHA256
baa33659646ea9a4d713d5046233a631587a399099cfc45a55439332e1675de1
-
SHA512
319fce64195387e1fda76e35febf8c246fa3d0da36e8fd64145bd8b50dbc9e28ff200d71e776edf0cd5fdfc13930fbf82d1b407ea08e3dcd647b4f1fdda0c768
-
SSDEEP
393216:p2Qomebw7KckTX47nWgUdrKPKQrt2SBoRVIWSUE+ehBiNPfdUQXvKV:sQopkKcg47WgoBQrtnORVI3UE+e8pv2
Score
3/10
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 2 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of SetWindowsHookEx 27 IoCs
-
Suspicious use of WriteProcessMemory 2 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\astro pass 1.rar"1⤵
- Modifies registry class
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\astro pass 1.rar2⤵
-