Overview

overview

3

Static

static

3

dropper.rar

windows7-x64

3

dropper.rar

windows10-2004-x64

3

dropper.exe

windows7-x64

1

dropper.exe

windows10-2004-x64

1

dropper.exe

windows7-x64

1

dropper.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    143s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    19-09-2024 05:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    dropper.rar

  • Size

    60KB

  • MD5

    3f02fce71ef4958612e02cc9cd6ea4e6

  • SHA1

    1b178483ac3000e76bc85ba0cdf1b75495247967

  • SHA256

    1029eac4d8121e835e6012c6ff00590149d38639da499272525043783a8695ce

  • SHA512

    ff7c8a6f8d3bcebe27fd33147c14a9195aad412ae88f0b96f5c7271dc3d73bf4b83f5213bef260bcafb049e3767a71c450a7d5d9e46a3b0af59eb8e2a739c26e

  • SSDEEP

    1536:qsW/E6cpXK5hm5REhrIy7VAvUzP0xWDIaih+I/cjA:HW/E6yKW5REhrpcx+IHX/h

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 2 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 8 IoCs
  • Suspicious use of SendNotifyMessage 7 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\dropper.rar
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2104
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\dropper.rar
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:3060
      • C:\Windows\system32\rundll32.exe
        "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\dropper.rar
        3⤵
        • Modifies registry class
        • Suspicious use of WriteProcessMemory
        PID:2824
        • C:\Program Files\VideoLAN\VLC\vlc.exe
          "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\dropper.rar"
          4⤵
          • Suspicious behavior: AddClipboardFormatListener
          • Suspicious behavior: GetForegroundWindowSpam
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SendNotifyMessage
          • Suspicious use of SetWindowsHookEx
          PID:2672

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2672-30-0x000007FEFAA30000-0x000007FEFAA64000-memory.dmp

    Filesize

    208KB

    Download

  • memory/2672-29-0x000000013FB70000-0x000000013FC68000-memory.dmp

    Filesize

    992KB

    Download

  • memory/2672-33-0x000007FEFA9F0000-0x000007FEFAA07000-memory.dmp

    Filesize

    92KB

    Download

  • memory/2672-36-0x000007FEFA640000-0x000007FEFA651000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2672-37-0x000007FEF7770000-0x000007FEF778D000-memory.dmp

    Filesize

    116KB

    Download

  • memory/2672-35-0x000007FEFA9B0000-0x000007FEFA9C7000-memory.dmp

    Filesize

    92KB

    Download

  • memory/2672-34-0x000007FEFA9D0000-0x000007FEFA9E1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2672-31-0x000007FEF5CA0000-0x000007FEF5F56000-memory.dmp

    Filesize

    2.7MB

    Download

  • memory/2672-32-0x000007FEFAA10000-0x000007FEFAA28000-memory.dmp

    Filesize

    96KB

    Download

  • memory/2672-38-0x000007FEF74D0000-0x000007FEF74E1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2672-39-0x000007FEF5960000-0x000007FEF5B6B000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2672-50-0x000007FEF47E0000-0x000007FEF4810000-memory.dmp

    Filesize

    192KB

    Download

  • memory/2672-49-0x000007FEF4810000-0x000007FEF4828000-memory.dmp

    Filesize

    96KB

    Download

  • memory/2672-48-0x000007FEF4830000-0x000007FEF4841000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2672-47-0x000007FEF4850000-0x000007FEF486B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/2672-46-0x000007FEF4870000-0x000007FEF4881000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2672-45-0x000007FEF4890000-0x000007FEF48A1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2672-44-0x000007FEF62D0000-0x000007FEF62E1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2672-43-0x000007FEF6470000-0x000007FEF6488000-memory.dmp

    Filesize

    96KB

    Download

  • memory/2672-42-0x000007FEF74A0000-0x000007FEF74C1000-memory.dmp

    Filesize

    132KB

    Download

  • memory/2672-41-0x000007FEF6490000-0x000007FEF64D1000-memory.dmp

    Filesize

    260KB

    Download

  • memory/2672-53-0x000007FEF46D0000-0x000007FEF46E1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2672-60-0x000007FEF4580000-0x000007FEF4592000-memory.dmp

    Filesize

    72KB

    Download

  • memory/2672-59-0x000007FEF45A0000-0x000007FEF45B1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2672-58-0x000007FEF45C0000-0x000007FEF45E3000-memory.dmp

    Filesize

    140KB

    Download

  • memory/2672-57-0x000007FEF45F0000-0x000007FEF4608000-memory.dmp

    Filesize

    96KB

    Download

  • memory/2672-56-0x000007FEF4610000-0x000007FEF4634000-memory.dmp

    Filesize

    144KB

    Download

  • memory/2672-54-0x000007FEF4670000-0x000007FEF46C7000-memory.dmp

    Filesize

    348KB

    Download

  • memory/2672-52-0x000007FEF46F0000-0x000007FEF476C000-memory.dmp

    Filesize

    496KB

    Download

  • memory/2672-51-0x000007FEF4770000-0x000007FEF47D7000-memory.dmp

    Filesize

    412KB

    Download

  • memory/2672-40-0x000007FEF48B0000-0x000007FEF5960000-memory.dmp

    Filesize

    16.7MB

    Download

  • memory/2672-55-0x000007FEF4640000-0x000007FEF4668000-memory.dmp

    Filesize

    160KB

    Download