Analysis

  • max time kernel
    94s
  • max time network
    144s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    28-11-2024 08:05

General

  • Target

    home.pl

  • Size

    549B

  • MD5

    6cc1ede4ba43617bcfd11c48c2dd3bdf

  • SHA1

    5b958bc3250d5a3e856be1a618c3c7b57140359b

  • SHA256

    f502d8b3e8135f6833d59619a74b1d3b7522fc1f67cc624c3db85a566fac01cf

  • SHA512

    cd7c01bcf4b47d53abdd55bd816ca3a8f8c08bc4da8783f7b5a4ab6440c4b26b51844ab19074f09a0527c0fd82ee5bf8614f9cd9054d329e5034a847e408e2a3

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\home.pl
    • Modifies registry class
    PID:4440
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4880

Network

MITRE ATT&CK Enterprise v15
