Analysis
-
max time kernel
1440s -
max time network
1457s -
platform
windows7_x64 -
resource
win7-20240729-en -
resource tags
-
submitted
27/11/2024, 17:25
General
-
Target
riptweakcracked/chrome_200_percent.pak
-
Size
174KB
-
MD5
d88936315a5bd83c1550e5b8093eb1e6
-
SHA1
6445d97ceb89635f6459bc2fb237324d66e6a4ee
-
SHA256
f49abd81e93a05c1e53c1201a5d3a12f2724f52b6971806c8306b512bf66aa25
-
SHA512
75142f03df6187fb75f887e4c8b9d5162902ba6aac86351186c85e5f0a2d3825ca312a36cf9f4bd656cdfc23a20cd38d4580ca1b41560d23ebaa0d41e4cf1dd2
-
SSDEEP
3072:YDQYaEqQZUYUJP1N3/nXCWZQCPxBVrfR54x5GMR+F44ffbdZnYw9p4AbIVGYoDdR:YDQYaRyY1NPyCt9gx5GMRejnbdZnVE6j
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies registry class 1 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\riptweakcracked\chrome_200_percent.pak1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\riptweakcracked\chrome_200_percent.pak2⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\riptweakcracked\chrome_200_percent.pak"3⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
3KB
MD5910f40016536b209dde8d6590146f692
SHA1b58c988c810046da091d93cd89e4be15ea7356f3
SHA256510edabe5b78064b692b94d7f45bf017dc2a42da2bb83e0fd3624fcf59567ed9
SHA51293dce6035c93f1ba46b028be78f4ca83bc15bf4f69ba7728498b9768303fac5094477b6e09493b080382414fd9699524db45c8f7b1a9a22e362355ffc2867fdd