Analysis
max time kernel: 31s
max time network: 17s
platform: windows10-1703_x64
resource: win10-20240404-en
resource tags: arch:x64, arch:x86, image:win10-20240404-en, locale:en-us, os:windows10-1703-x64, system
submitted: 28/09/2024, 17:43

Static task: static1
Behavioral task: behavioral1
Sample: WorldWarsBeta Setup 1.0.0.rar
Resource: win10-20240404-en
4 signatures
300 seconds
General
Target: WorldWarsBeta Setup 1.0.0.rar
Size: 78.8MB
MD5: 08ace86d7f212e63333c88171d232c3f
SHA1: bb888f296102f9bacb249607d4389ba6439dadfa
SHA256: a8094f9f0971cd6da201505cb45b84150df464b62223291016b82bfec3ba09c3
SHA512: 316d0371346c382fb6aca51aa096a9f1b019bbbec53880bac1a9eeef79f37fdd5ec8ef98ab5e43f666babbb30f9da2143fcba25cd714e9e36fa824f5d28b9c96
SSDEEP: 1572864:8Du01YxsMwjtIDgQ0A8Cn0k9nNemZ5vxShIC1poOw9Q+bErj5R:ek3wCDt0A0kNvZ2PpVFUE3P
Score: 3/10
Malware Config
Signatures

Enumerates physical storage devices (1 TTPs)
Attempts to interact with connected storage/optical drive(s).

Modifies registry class (2 IoCs)
description   ioc                                                                                      Process
Key created   \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings   cmd.exe
Key created   \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings   OpenWith.exe

Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
pid    Process
3672   OpenWith.exe

Suspicious use of SetWindowsHookEx (23 IoCs)
pid    Process
3672   OpenWith.exe   (the same pid/process pair is reported for all 23 IoCs)
Processes

C:\Windows\system32\cmd.exe
  Command line: cmd /c "C:\Users\Admin\AppData\Local\Temp\WorldWarsBeta Setup 1.0.0.rar"
  PID: 1504
  - Modifies registry class

C:\Windows\system32\OpenWith.exe
  Command line: C:\Windows\system32\OpenWith.exe -Embedding
  PID: 3672
  - Modifies registry class
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx

C:\Windows\System32\rundll32.exe
  Command line: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
  PID: 2828