Analysis
-
max time kernel
102s -
max time network
20s -
platform
windows7_x64 -
resource
win7-20240729-en -
resource tags
-
submitted
17-11-2024 08:04
General
-
Target
Malware Samples/63e5798be7ba715c481aec7b2399f766.danger
-
Size
185KB
-
MD5
63e5798be7ba715c481aec7b2399f766
-
SHA1
275396d629861e030011c0155acc891f756456ef
-
SHA256
2b2aabaebbcaef76b058319870490f2dec8e950f8fd6533ffb8ed9c940d434a2
-
SHA512
0053de77dd10854c2480bc8319751198c34ea5fb142407b89de79024d51dfca1bd3e85ab193518e8dbf77a18e3ae6a83c9e7ce684c4164e2aee021de331fb415
-
SSDEEP
3072:Hy2y/GdyjktGDWLS0HZWD5w8K7Nk9KD7IBUTFlsRZzpr3MBIBmXnoCGHkB/occ:Hy2k4ztGiL3HJk9KD7bTFlsDpr8BIBmm
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies registry class 1 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\Malware Samples\63e5798be7ba715c481aec7b2399f766.danger"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Malware Samples\63e5798be7ba715c481aec7b2399f766.danger2⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Malware Samples\63e5798be7ba715c481aec7b2399f766.danger"3⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
3KB
MD55854900e39c4aa1751afadfc9074560f
SHA1e5472d5e66ba3f2d2fd06f91ee7c6e70c38703a9
SHA256a372e908225031f2a4e527c5db21121213bd01933d01d643491fa7efc5fa5f1a
SHA512f574e2edd502da345828ec4f030396e4e3fc6ecb3e469664a84d98e9c520eb59a210e1ba9ac9940534d88fe3132e461039614c03727839147e13e35f897e9619