Overview

overview

7

Static

static

3

123.rar

windows10-1703-x64

7

Resubmissions

19-09-2024 07:29

240919-jbcapsxeqk 7

19-09-2024 07:27

240919-jaa19axcje 7

19-09-2024 07:21

240919-h66x5axanb 7

19-09-2024 07:04

240919-hwcxaswenh 7

19-09-2024 07:04

240919-hv496awend 3

19-09-2024 07:00

240919-hs4kvawfqr 3

Analysis

  • max time kernel
    135s
  • max time network
    136s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
  • submitted
    19-09-2024 07:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    123.rar

  • Size

    4.3MB

  • MD5

    d2d30eb66c8919cb33dd969b3aaff546

  • SHA1

    2719e1527820a076c540f40b4342be09b2e1b66e

  • SHA256

    57d0aa2a1d890f1b58a8b361c7cc2e1ef1829743f9e68a17e0e076b24ee6cb93

  • SHA512

    3fcd0721272d09575452b672bc824a915efe32c9fb72e3357ab00c19b52d91079c02f62096d3b665f607f2afedcdff1f4c82f6e849204a30e28bc7af0d46ec6d

  • SSDEEP

    98304:gCdtJmBbsufP6iry6PXnMtWNQrMob5rJB+n2lb:gCd/0bLfPb26f8QgrJVlb

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 8 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Enumerates system info in registry 2 TTPs 6 IoCs
  • Modifies registry class 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 10 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\123.rar
    1⤵
    • Modifies registry class
    PID:5032
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:2772
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
      PID:4276
    • C:\Program Files\7-Zip\7zG.exe
      "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\123\" -spe -an -ai#7zMap30573:64:7zEvent25159
      1⤵
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      PID:4948
    • C:\Users\Admin\Desktop\123\internationalPaymentDetails\internationalPaymentDetails .exe
      "C:\Users\Admin\Desktop\123\internationalPaymentDetails\internationalPaymentDetails .exe"
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Enumerates system info in registry
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:1428
    • C:\Users\Admin\Desktop\123\internationalPaymentDetails\internationalPaymentDetails .exe
      "C:\Users\Admin\Desktop\123\internationalPaymentDetails\internationalPaymentDetails .exe"
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Enumerates system info in registry
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:4532

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\Desktop\123\internationalPaymentDetails\ActionCenter.dll
      Filesize

      2.8MB

      MD5

      6600755c2a115ab24862611227e83e3d

      SHA1

      2067379db6a1817513c0f5de5640906bb7168f78

      SHA256

      c4b436e2b74e8b98bccf9ec8348fbbd6384d309c5c67d2fb995293d380e9bc31

      SHA512

      fb94b75c6dad7d4d55b79cbbdb8564c0aca5d3ece2a743bbcc169df4070a8444a344c8d221fc5894de85cbc10d555bc4d0cd4a70d91f623bc05d38f9ba94ebe5

      Download Submit

    • C:\Users\Admin\Desktop\123\internationalPaymentDetails\Hoister.dll
      Filesize

      3.9MB

      MD5

      8a526ac02b6071c5cf74d7b88442cada

      SHA1

      7468d665d709baf9f5d4bc76465a84f13723beb2

      SHA256

      69e3ef284301526f65711083898f3e3c8ed5001f96d59c59a6bff1456c6166db

      SHA512

      2a81735d205097e0d16b254b9f0299c5ef84033d1447b6da03476001860ba4c92a6b8b8ad4e6262d35e7b1da672582fe9f372569eb55f2c3a6288b00554456d8

      Download Submit

    • C:\Users\Admin\Desktop\123\internationalPaymentDetails\VCRUNTIME140.dll
      Filesize

      107KB

      MD5

      146eb6b29080a212b646289808ae0818

      SHA1

      e5d9801f226ecd3af662df225f751ae8a8934357

      SHA256

      f66c606d2ee6bbca375ab4268b0c6aef5170a4ca580a00e17a56057a7a127743

      SHA512

      0824b42ca2539709f77134ffea9c10fc9f4c126b6a309bd5d3ddd02a660ef98d63b178219d83b173340798c479a1008c2d4f57830898673043fee2450a210a58

      Download Submit

    • C:\Users\Admin\Desktop\123\internationalPaymentDetails\cors
      Filesize

      281KB

      MD5

      fc514d0a4ee2ed23157d0ec1f767d1b0

      SHA1

      c2675e3ac646837e17441b699eb30445053d8b1e

      SHA256

      15a2e189ab11cd32e599eb6aebfca559047a882d5137a39c97f0136f64143bb2

      SHA512

      7f6aa5ae7f17f87a960d40155a05b98d80572f59cfc6b4bee6ccf2383d356977861061400b48aadb91b5cc3ec24da1c6c637f15d72fd1c7fac1bcc2835813b85

      Download Submit

    • C:\Users\Admin\Desktop\123\internationalPaymentDetails\internationalPaymentDetails .exe
      Filesize

      24KB

      MD5

      dbf001709c85cb1040c86b56dd29e02a

      SHA1

      8d1c67f18756fc93af61c45a7ccdd88554590c4f

      SHA256

      5c5ce4bf348150622adb9f71ed42879c4a5ebf99c94c2be940141d28f2c8275d

      SHA512

      7e59d49be1d670a3b74af5a4340c7d3f041f3a690fbf9d3f35ee9111ae5e6dc56b2486dd8e044f2c88c7d439a35821fa75164e74c7d7456c3e70b78420dc409e

      Download Submit

    • C:\Users\Admin\Desktop\123\internationalPaymentDetails\jli.dll
      Filesize

      3.3MB

      MD5

      e183e315399e95064a29ed71d1dad374

      SHA1

      a1ccec3ca697bdd54faa8224b91c529bd24428a0

      SHA256

      2a11f2efc2b73b145409846a2956f620e76cbc8bd2d3ec023ca9dfa1e63b3ad2

      SHA512

      ec79c813c1ba3f49e8a91abe5aa51a28e1b179e73078d5abc14206a7e9830b969c0f6f6ca010c72d608bc34144f7e8f1be5a36910560ef8058fa23cab225baaa

      Download Submit