Malware Analysis Report

2024-12-01 03:05

Sample ID 241108-e4tcgawblk
Target artificer-1.6.0.apk
SHA256 47cf7c673893cb43febb4229a661a36d03ad567327a62a4d322e03dd7401d9cd
Tags
score
6/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
6/10

SHA256

47cf7c673893cb43febb4229a661a36d03ad567327a62a4d322e03dd7401d9cd

Threat Level: Shows suspicious behavior

The file artificer-1.6.0.apk was found to be: Shows suspicious behavior.

Malicious Activity Summary


Requests dangerous framework permissions

Enumerates physical storage devices

Modifies registry class

Suspicious use of SetWindowsHookEx

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-08 04:30

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-08 04:30

Reported

2024-11-08 04:30

Platform

win11-20241007-en

Max time kernel

3s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\artificer-1.6.0.apk

Signatures

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings C:\Windows\system32\cmd.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\artificer-1.6.0.apk

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

Network

N/A

Files

N/A