782a2251a6eac363f8624467fe2d744f61f5aee50c091ef977d2b989be00db27

Analysis

max time kernel
118s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
13-12-2024 08:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

.x86_64
Size

555KB
MD5

6079e88c476673fb755c429aed883e8d
SHA1

2b9d5bdb6ad4fe6c6fd67b2fc16143e2f0f37315
SHA256

782a2251a6eac363f8624467fe2d744f61f5aee50c091ef977d2b989be00db27
SHA512

857c5d19f268723500597cb9e70d6875fab17c1da4bf8b6c045185c1c4baa0dbd183de77a204bca60f832879af1824514c3886c6b2dc15cdd5d20beea2c41e62
SSDEEP

6144:+nXaMqr8W7wiDlIPffnG9DAxSktkfE083VU23XWqE2qtkZz6r+R2VcP/zzc11:saMqr8W7wkcQQK8O8qtyza+Tzo11

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_Classes\Local Settings	rundll32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2732	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2888 wrote to memory of 2732	2888	cmd.exe	32
PID 2888 wrote to memory of 2732	2888	cmd.exe	32
PID 2888 wrote to memory of 2732	2888	cmd.exe	32

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\.x86_64
1⤵
- Suspicious use of WriteProcessMemory
PID:2888
- C:\Windows\system32\rundll32.exe
  "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\.x86_64
  2⤵
  - Modifies registry class
  - Suspicious behavior: GetForegroundWindowSpam
  PID:2732

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads