Overview

overview

7

Static

static

1

captainsim...es.rar

windows7-x64

3

captainsim...es.rar

windows10-2004-x64

3

captainsim...tz.ttf

windows7-x64

4

captainsim...tz.ttf

windows10-2004-x64

7

captainsim...ar.ttf

windows7-x64

3

captainsim...ar.ttf

windows10-2004-x64

7

captainsim...ch.flt

windows7-x64

3

captainsim...ch.flt

windows10-2004-x64

3

captainsim...se.flt

windows7-x64

3

captainsim...se.flt

windows10-2004-x64

3

captainsim...ft.cfg

windows7-x64

3

captainsim...ft.cfg

windows10-2004-x64

3

captainsim...on.flt

windows7-x64

3

captainsim...on.flt

windows10-2004-x64

3

captainsim...as.cfg

windows7-x64

3

captainsim...as.cfg

windows10-2004-x64

3

captainsim...mb.flt

windows7-x64

3

captainsim...mb.flt

windows10-2004-x64

3

captainsim...es.cfg

windows7-x64

3

captainsim...es.cfg

windows10-2004-x64

3

captainsim...al.flt

windows7-x64

3

captainsim...al.flt

windows10-2004-x64

3

captainsim...el.cfg

windows7-x64

3

captainsim...el.cfg

windows10-2004-x64

3

captainsim...ay.cfg

windows7-x64

3

captainsim...ay.cfg

windows10-2004-x64

3

captainsim...04.bin

windows7-x64

3

captainsim...04.bin

windows10-2004-x64

3

captainsim...4.gltf

windows7-x64

3

captainsim...4.gltf

windows10-2004-x64

3

captainsim...04.xml

windows7-x64

3

captainsim...04.xml

windows10-2004-x64

1

Analysis

  • max time kernel
    118s
  • max time network
    135s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    28/09/2024, 17:50

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    captainsim-aircraft-m774/SimObjects/Airplanes/CS_B777F_GE110B1/flight_model.cfg

  • Size

    34KB

  • MD5

    ad8b4bec66951cfef70f37418ade14c9

  • SHA1

    6c2edcd11f9674d5317183ec64c6dfb75e2df8e7

  • SHA256

    b56abe33cb23cf5aea0c7f63a40078b2977ce445b815ddf10219b7a93bcefdca

  • SHA512

    4bbbe6f04d45b15155a6e6190aea14b3e4b560bcd842a73eb16f23e3cc234a7d8e95c09d5003d3fdcb176d21cb1e32293782105020015797f0afb78a5cb42947

  • SSDEEP

    384:jJxlDhtm7rk6lf7n1ftDzqTQ50BcZmGtW3EPJEzMLlIV+hYFfxLE:BDDCrk6lfz1lDzqTRGtME1LlJYlxLE

Score
3/10
discovery

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\captainsim-aircraft-m774\SimObjects\Airplanes\CS_B777F_GE110B1\flight_model.cfg
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2148
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\captainsim-aircraft-m774\SimObjects\Airplanes\CS_B777F_GE110B1\flight_model.cfg
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2692
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\captainsim-aircraft-m774\SimObjects\Airplanes\CS_B777F_GE110B1\flight_model.cfg"
        3⤵
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2988

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
    Filesize

    3KB

    MD5

    8c2d502213b4651912dea03ca7a4b98b

    SHA1

    6ad8934e962e36851ccac4258776718ce55b7078

    SHA256

    03d1b279146dbab64eb6ff2b2cc39c180480e8cdcadb87c5fffd527b67c7137a

    SHA512

    21b5794d97a5294670e073dead2d9b9c274b58b8d91104b79af13c1218da04b19631c712921f827259db5771af9fa54b1b31cdf7a57b0544961bdae02d033861

    Download Submit