Analysis

  • max time kernel
    97s
  • max time network
    215s
  • platform
    windows10-ltsc 2021_x64
  • resource
    win10ltsc2021-20241023-en
  • resource tags

    arch:x64, arch:x86, image:win10ltsc2021-20241023-en, locale:en-us, os:windows10-ltsc 2021-x64, system
  • submitted
    06-12-2024 10:38

General

  • Target

    Trojan/XCSSETMacMalware/TrojanSpy.MacOS.XCSSET.A.6614978ab256f922d7b6dbd7cc15c6136819f4bcfb5a0fead480561f0df54ca6

  • Size

    21KB

  • MD5

    2f7d8e7c6be2ffecd4b6a48c3d4f73df

  • SHA1

    8dc7a8c88896758d139366fa054ff9ad848270a0

  • SHA256

    6614978ab256f922d7b6dbd7cc15c6136819f4bcfb5a0fead480561f0df54ca6

  • SHA512

    dfe00b0ce2066a5bf40a8c898f0bbaf41a6ec3cebac57cab0acb8380ca9ee8b63a5a0c1f46513798b629ee9a7a97b4fe50080c4ededdd4d12a533fb56ebf12d0

  • SSDEEP

    192:zoW9JVcmrdDApmOo+oWKcMXlWKC3vVXCFuZKCytShvusFF6qVWbgZE5/tHw1s6F3:VvfDdCKzXkS4i4vusFFzV8wE4s

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\Trojan\XCSSETMacMalware\TrojanSpy.MacOS.XCSSET.A.6614978ab256f922d7b6dbd7cc15c6136819f4bcfb5a0fead480561f0df54ca6
    • Modifies registry class
    PID:3816
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:2268

Network

MITRE ATT&CK Enterprise v15
