Overview

overview

7

Static

static

3

itarmykit-win-x64.exe

windows7-x64

7

itarmykit-win-x64.exe

windows10-2004-x64

7

$PLUGINSDI...er.dll

windows7-x64

3

$PLUGINSDI...er.dll

windows10-2004-x64

3

$PLUGINSDI...ls.dll

windows7-x64

3

$PLUGINSDI...ls.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...ll.dll

windows7-x64

3

$PLUGINSDI...ll.dll

windows10-2004-x64

3

$PLUGINSDIR/app-64.7z

windows7-x64

3

$PLUGINSDIR/app-64.7z

windows10-2004-x64

3

IT Army Kit.exe

windows10-2004-x64

7

LICENSE.electron.txt

windows7-x64

1

LICENSE.electron.txt

windows10-2004-x64

1

LICENSES.c...m.html

windows7-x64

3

LICENSES.c...m.html

windows10-2004-x64

3

chrome_100...nt.pak

windows7-x64

3

chrome_100...nt.pak

windows10-2004-x64

3

chrome_200...nt.pak

windows7-x64

3

chrome_200...nt.pak

windows10-2004-x64

3

d3dcompiler_47.dll

windows10-2004-x64

1

ffmpeg.dll

windows10-2004-x64

1

icudtl.dat

windows7-x64

3

icudtl.dat

windows10-2004-x64

3

libEGL.dll

windows10-2004-x64

1

libGLESv2.dll

windows10-2004-x64

1

locales/af.pak

windows7-x64

3

locales/af.pak

windows10-2004-x64

3

locales/am.pak

windows7-x64

3

locales/am.pak

windows10-2004-x64

3

locales/ar.pak

windows7-x64

3

Analysis

  • max time kernel
    91s
  • max time network
    137s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04-10-2024 20:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $PLUGINSDIR/app-64.7z

  • Size

    88.8MB

  • MD5

    083bc2fc2f9698998464a883884d2815

  • SHA1

    e9bca5f4aba4a5e65514967b1ad321c30aa8ac59

  • SHA256

    6730f0b45aaacff014bcb36ba4b3ec1219cb1c369e9c9ed5cc50e22a3c3d72f4

  • SHA512

    79c8477f346bbccc2554b31eb52791db1af86fbb256694b1ce119d5bc23d85fd206c3bf3443040af4602e4f4ac24a918f302f6c8326458662742794e6530034f

  • SSDEEP

    1572864:d/xlZ1DRy+2lduoWWazQZ0fpONinTIXK7hqsRvb58G3IQZubDvWjIaTR:hTTdO4nsa7lZvQDu

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app-64.7z
    1⤵
    • Modifies registry class
    PID:1848
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:2440

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads