Resubmissions
11-12-2024 15:13
241211-sl1wgsxphs 310-12-2024 18:36
241210-w8wrtstkev 310-12-2024 17:54
241210-wgzdms1rdx 10Analysis
-
max time kernel
31s -
max time network
35s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
11-12-2024 15:13
General
-
Target
241209-wte6jawnb1-behavioral1.pcap
-
Size
21.0MB
-
MD5
71ec93443f4d7d8bf391a5b02856c246
-
SHA1
d4847d5a2bd26173da036f0d8a7b851c7e7d128b
-
SHA256
2e5d63057adec0e8d39f369d77f010b03efb0bf16b90cdd05676e346a930d7b6
-
SHA512
3966071c8ab7e0d2e57738814fc7d9da2db0d5ac0e1a7a7d58a55d07419d8d555d4f34c631e8713919d8bbdda632848a5bcf87a16ecaab249c8b38b3d43c505b
-
SSDEEP
393216:cQCU8iszVrdcwEyaqGl0NziHnzXzKuhmdZ8Sk5HQnCxqD:EU8imJdcbZsiHnzjKuhOZOtGtD
Score
3/10
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 2 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of SetWindowsHookEx 21 IoCs
-
Suspicious use of WriteProcessMemory 2 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\241209-wte6jawnb1-behavioral1.pcap1⤵
- Modifies registry class
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\241209-wte6jawnb1-behavioral1.pcap2⤵
-