Analysis

  • max time kernel
    117s
  • max time network
    133s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    17/11/2024, 03:29

General

  • Target

    manifest.json

  • Size

    1KB

  • MD5

    e1ee4de15f98b2a071d56c3c33c6447a

  • SHA1

    bff531fbedaeded2512ed22111e448c16dab1b20

  • SHA256

    6f393ca0f4a831e573cf6904c4bcbc892dcc827d2bf202864da8b0820224caf9

  • SHA512

    ef2d4e3df0d9256710485c1fce1312d28cd9fd05de28c03ad5b890bbcf499421d4eec6830c4f67cdf38624f6b20cd2b53788edc3d447d84eb39e589587f1ce74

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of the victim host in order to infer its geographical location.

  • Modifies registry class 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\manifest.json
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2252
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\manifest.json
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2432
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\manifest.json"
        3⤵
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2720
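
The process tree above is the signature of an unassociated file type in the sandbox: `cmd /c <file>` on a `.json` with no registered handler makes Windows raise the Open With dialog (`rundll32.exe shell32.dll,OpenAs_RunDLL <file>`), and the handler the sandbox then selected, Adobe Reader 9, is what produced the PID 2720 behaviours. The following is an added example, not part of this report, that walks a process tree in that shape and flags the fallback so that signature hits on the substitute handler can be separated from anything attributable to the sample itself. The records are transcribed from the Processes section; parent PIDs are inferred from the tree nesting, since the report shows depth rather than PPIDs.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

# Constructed from the report's Processes tree; ppid values are inferred from nesting.
SAMPLE_TREE: List[dict] = [
    {"pid": 2252, "ppid": None, "image": r"C:\Windows\system32\cmd.exe",
     "cmdline": r"cmd /c C:\Users\Admin\AppData\Local\Temp\manifest.json"},
    {"pid": 2432, "ppid": 2252, "image": r"C:\Windows\system32\rundll32.exe",
     "cmdline": r'"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL '
                r"C:\Users\Admin\AppData\Local\Temp\manifest.json"},
    {"pid": 2720, "ppid": 2432, "image": r"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe",
     "cmdline": r'"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" '
                r'"C:\Users\Admin\AppData\Local\Temp\manifest.json"'},
]

# Signature hits per PID, as listed in the report's Processes section (constructed mapping).
SIGNATURE_HITS: Dict[int, List[str]] = {
    2252: ["Suspicious use of WriteProcessMemory"],
    2432: ["Modifies registry class", "Suspicious use of WriteProcessMemory"],
    2720: ["System Location Discovery: System Language Discovery",
           "Suspicious behavior: GetForegroundWindowSpam",
           "Suspicious use of SetWindowsHookEx"],
}

# Matches the Open With dialog invocation and captures the file it was raised for.
OPENAS_RE = re.compile(r"shell32\.dll,\s*OpenAs_RunDLL\s+(.+)$", re.IGNORECASE)


@dataclass
class Verdict:
    fallback: bool                      # True if the sample went through OpenAs_RunDLL
    sample_path: Optional[str] = None   # file the dialog was raised for
    openas_pid: Optional[int] = None    # the rundll32 process hosting the dialog
    handler_pid: Optional[int] = None   # process the dialog launched on the sample
    handler_image: Optional[str] = None


def detect_openas_fallback(procs: List[dict]) -> Verdict:
    """Find a rundll32 OpenAs_RunDLL process and the handler it spawned for the sample."""
    for p in procs:
        if not p["image"].lower().endswith("rundll32.exe"):
            continue
        m = OPENAS_RE.search(p["cmdline"])
        if not m:
            continue
        sample = m.group(1).strip().strip('"')
        # The chosen handler is the child whose command line references the sample path.
        handler = next((c for c in procs
                        if c["ppid"] == p["pid"] and sample.lower() in c["cmdline"].lower()), None)
        return Verdict(True, sample, p["pid"],
                       handler["pid"] if handler else None,
                       handler["image"] if handler else None)
    return Verdict(False)


def descendants(procs: List[dict], root_pid: int) -> Set[int]:
    """PIDs of root_pid and everything below it in the tree."""
    found, frontier = {root_pid}, [root_pid]
    while frontier:
        cur = frontier.pop()
        for c in procs:
            if c["ppid"] == cur and c["pid"] not in found:
                found.add(c["pid"])
                frontier.append(c["pid"])
    return found


def handler_attributed_hits(procs: List[dict], hits: Dict[int, List[str]]) -> Set[str]:
    """Signature hits raised by the substitute handler (and its children), not by the sample."""
    v = detect_openas_fallback(procs)
    if not v.fallback or v.handler_pid is None:
        return set()
    pids = descendants(procs, v.handler_pid)
    return {h for pid in pids for h in hits.get(pid, [])}


if __name__ == "__main__":
    v = detect_openas_fallback(SAMPLE_TREE)
    print(v)
    print("Hits attributable to the handler, not the sample:")
    for h in sorted(handler_attributed_hits(SAMPLE_TREE, SIGNATURE_HITS)):
        print("  -", h)
```

When the verdict reports `fallback=True`, the behavioural score describes the handler the sandbox picked (here Acrobat Reader opening a JSON file as if it were a PDF), so the sample should be resubmitted with the correct extension or an explicit handler before its score is read as a verdict on the file.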

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

    Filesize

    3KB

    MD5

    34f601e66cdc124020e7fa8bba6cf136

    SHA1

    990715914341010547e2805d74e8ba35452668f1

    SHA256

    790d99fa06f27b0d128934f6cd7346dd254cfcb9647c4d20e150e6a868b7669e

    SHA512

    15ba80e16498e021b398c53607546159a646f2f870c0026eda462f1958f16986e84b28a8205e34f5a0fa8ed22cf8a5164dc148e64604e617984d9562912440af