Analysis
- max time kernel: 0s
- max time network: 0s
- platform: windows7_x64
- resource: win7-20240903-en
- resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
- submitted: 21-09-2024 01:53
Behavioral task: behavioral1
- Sample: kyle cracking.rar
- Resource: win7-20240903-en (windows7-x64)
- 3 signatures
- 150 seconds
General
- Target: kyle cracking.rar
- Size: 7.9MB
- MD5: c098533414fd886dc4a2a473d2fef1fd
- SHA1: 5a70c788c53c83559d3aa6841532e4046753dd25
- SHA256: 9d9b5187ce3d32ba2d6c1d7f0e3e773ae4ae8886350e7abbbc2aea15d9c8af82
- SHA512: a8923872a6e9676654dd17ee9cf977f10174cce5412a995c200f91762d329d0b09e8f31ab9f94d4e81857b518b535fbf1d2c4e6d56bcb23adacb3dd82c016366
- SSDEEP: 196608:FU2TZ2pWWhoLoUVl0lSY9DOLAZ/OLA4FGGgy:pINO8zh/F/O/gy
- Score: 3/10
Malware Config
Signatures
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).
- Modifies registry class (1 IoCs)
  description | ioc | Process
  Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_Classes\Local Settings | rundll32.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  description | pid | Process | procid_target
  PID 2520 wrote to memory of 2696 | 2520 | cmd.exe | 31
  PID 2520 wrote to memory of 2696 | 2520 | cmd.exe | 31
  PID 2520 wrote to memory of 2696 | 2520 | cmd.exe | 31
Processes
- [1] C:\Windows\system32\cmd.exe
  Command line: cmd /c "C:\Users\Admin\AppData\Local\Temp\kyle cracking.rar"
  Signatures: Suspicious use of WriteProcessMemory
  PID: 2520
  - [2] C:\Windows\system32\rundll32.exe (child of PID 2520)
    Command line: "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\kyle cracking.rar
    Signatures: Modifies registry class
    PID: 2696