Overview

overview

10

Static

static

10

dx9ware.rar

windows7-x64

3

dx9ware.rar

windows10-2004-x64

3

main/loader.exe

windows7-x64

7

main/loader.exe

windows10-2004-x64

8

X8��%~l.pyc

windows7-x64

X8��%~l.pyc

windows10-2004-x64

Analysis

  • max time kernel
    144s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    04-10-2024 13:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    dx9ware.rar

  • Size

    6.7MB

  • MD5

    446744abf8d06353c59776b59637b749

  • SHA1

    acec5264eccf1fe965a06a42b7b83cf23a00b9dc

  • SHA256

    12875ace11516e11024c731c544e9c2ec0927394d74f58ff2a7508697509038a

  • SHA512

    fd966c375386d92bfad5d84a282bcfb9b48d02fa2b13ac1f39c8110e1785210cb0f0e460c908bd570da9ff93bb5a500c24e1d7de94fe445f74d2def6eaa70c9d

  • SSDEEP

    196608:R42B38106nt1kHM6FuFwU/ZAMv5xp/16et:R42d6xks6FHyH6k

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 2 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 8 IoCs
  • Suspicious use of SendNotifyMessage 7 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\dx9ware.rar
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2504
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\dx9ware.rar
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2456
      • C:\Windows\system32\rundll32.exe
        "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\dx9ware.rar
        3⤵
        • Modifies registry class
        • Suspicious use of WriteProcessMemory
        PID:2752
        • C:\Program Files\VideoLAN\VLC\vlc.exe
          "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\dx9ware.rar"
          4⤵
          • Suspicious behavior: AddClipboardFormatListener
          • Suspicious behavior: GetForegroundWindowSpam
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SendNotifyMessage
          • Suspicious use of SetWindowsHookEx
          PID:2772

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2772-30-0x000007FEF5CB0000-0x000007FEF5CE4000-memory.dmp

    Filesize

    208KB

    Download

  • memory/2772-29-0x000000013F870000-0x000000013F968000-memory.dmp

    Filesize

    992KB

    Download

  • memory/2772-33-0x000007FEF6EB0000-0x000007FEF6EC7000-memory.dmp

    Filesize

    92KB

    Download

  • memory/2772-36-0x000007FEF4E40000-0x000007FEF4E51000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2772-37-0x000007FEF4E20000-0x000007FEF4E3D000-memory.dmp

    Filesize

    116KB

    Download

  • memory/2772-35-0x000007FEF4E60000-0x000007FEF4E77000-memory.dmp

    Filesize

    92KB

    Download

  • memory/2772-38-0x000007FEF4E00000-0x000007FEF4E11000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2772-32-0x000007FEFA300000-0x000007FEFA318000-memory.dmp

    Filesize

    96KB

    Download

  • memory/2772-34-0x000007FEF4E80000-0x000007FEF4E91000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2772-31-0x000007FEF4FD0000-0x000007FEF5286000-memory.dmp

    Filesize

    2.7MB

    Download

  • memory/2772-39-0x000007FEF4BF0000-0x000007FEF4DFB000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2772-41-0x000007FEF3AF0000-0x000007FEF3B31000-memory.dmp

    Filesize

    260KB

    Download

  • memory/2772-44-0x000007FEF3A80000-0x000007FEF3A91000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2772-48-0x000007FEF3A00000-0x000007FEF3A11000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2772-47-0x000007FEF3A20000-0x000007FEF3A3B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/2772-46-0x000007FEF3A40000-0x000007FEF3A51000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2772-45-0x000007FEF3A60000-0x000007FEF3A71000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2772-49-0x000007FEF39E0000-0x000007FEF39F8000-memory.dmp

    Filesize

    96KB

    Download

  • memory/2772-43-0x000007FEF3AA0000-0x000007FEF3AB8000-memory.dmp

    Filesize

    96KB

    Download

  • memory/2772-50-0x000007FEF39B0000-0x000007FEF39E0000-memory.dmp

    Filesize

    192KB

    Download

  • memory/2772-42-0x000007FEF3AC0000-0x000007FEF3AE1000-memory.dmp

    Filesize

    132KB

    Download

  • memory/2772-51-0x000007FEF3940000-0x000007FEF39A7000-memory.dmp

    Filesize

    412KB

    Download

  • memory/2772-52-0x000007FEF38C0000-0x000007FEF393C000-memory.dmp

    Filesize

    496KB

    Download

  • memory/2772-59-0x000007FEF3770000-0x000007FEF3781000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2772-62-0x000007FEF2B30000-0x000007FEF2C2F000-memory.dmp

    Filesize

    1020KB

    Download

  • memory/2772-61-0x000007FEF2C30000-0x000007FEF2C41000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2772-60-0x000007FEF3750000-0x000007FEF3762000-memory.dmp

    Filesize

    72KB

    Download

  • memory/2772-58-0x000007FEF3790000-0x000007FEF37B3000-memory.dmp

    Filesize

    140KB

    Download

  • memory/2772-57-0x000007FEF37C0000-0x000007FEF37D8000-memory.dmp

    Filesize

    96KB

    Download

  • memory/2772-56-0x000007FEF37E0000-0x000007FEF3804000-memory.dmp

    Filesize

    144KB

    Download

  • memory/2772-55-0x000007FEF3810000-0x000007FEF3838000-memory.dmp

    Filesize

    160KB

    Download

  • memory/2772-54-0x000007FEF3840000-0x000007FEF3897000-memory.dmp

    Filesize

    348KB

    Download

  • memory/2772-53-0x000007FEF38A0000-0x000007FEF38B1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2772-40-0x000007FEF3B40000-0x000007FEF4BF0000-memory.dmp

    Filesize

    16.7MB

    Download