cfd8048f1244c8a839a6ecae5d014013d15e4efe1a387869889a2e2def82a3af

Resubmissions

19-09-2024 07:29

240919-jbcapsxeqk 7

19-09-2024 07:27

19-09-2024 07:21

19-09-2024 07:04

19-09-2024 07:04

19-09-2024 07:00

Analysis

max time kernel
127s
max time network
132s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
19-09-2024 07:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

123.rar
Size

4.3MB
MD5

d2d30eb66c8919cb33dd969b3aaff546
SHA1

2719e1527820a076c540f40b4342be09b2e1b66e
SHA256

57d0aa2a1d890f1b58a8b361c7cc2e1ef1829743f9e68a17e0e076b24ee6cb93
SHA512

3fcd0721272d09575452b672bc824a915efe32c9fb72e3357ab00c19b52d91079c02f62096d3b665f607f2afedcdff1f4c82f6e849204a30e28bc7af0d46ec6d
SSDEEP

98304:gCdtJmBbsufP6iry6PXnMtWNQrMob5rJB+n2lb:gCd/0bLfPb26f8QgrJVlb

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 4 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings	OpenWith.exe

Suspicious use of SetWindowsHookEx 15 IoCs

pid	Process
2036	OpenWith.exe
1080	OpenWith.exe
1612	OpenWith.exe
1612	OpenWith.exe
1612	OpenWith.exe
1612	OpenWith.exe
1612	OpenWith.exe
1612	OpenWith.exe
1612	OpenWith.exe
1612	OpenWith.exe
1612	OpenWith.exe
1612	OpenWith.exe
1612	OpenWith.exe
1612	OpenWith.exe
1612	OpenWith.exe

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\123.rar
1⤵
- Modifies registry class
PID:4520

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2036

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1484

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1080

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1612

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads