Analysis
-
max time kernel
92s -
max time network
145s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system -
submitted
16-12-2024 22:34
Behavioral task
behavioral1
Sample
629f9e70b58afec57d995fc86da4dfb3b3f57fd5202a08b0a26d4be625f40a05.apk
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
629f9e70b58afec57d995fc86da4dfb3b3f57fd5202a08b0a26d4be625f40a05.apk
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
629f9e70b58afec57d995fc86da4dfb3b3f57fd5202a08b0a26d4be625f40a05.apk
Resource
win10ltsc2021-20241211-en
Behavioral task
behavioral4
Sample
629f9e70b58afec57d995fc86da4dfb3b3f57fd5202a08b0a26d4be625f40a05.apk
Resource
win11-20241007-en
General
-
Target
629f9e70b58afec57d995fc86da4dfb3b3f57fd5202a08b0a26d4be625f40a05.apk
-
Size
591KB
-
MD5
85d4cd1aa3b96c12cfca866a60a18369
-
SHA1
e342a09ac9498758bf5f2780672ab389057a1554
-
SHA256
629f9e70b58afec57d995fc86da4dfb3b3f57fd5202a08b0a26d4be625f40a05
-
SHA512
71ebe6533a6e472333dcd69a7236cdecc69cb8d1bc14979adec1534c9480cdc352ec935204230d42bcd5ec9af45350d4aa66ea374c2461e101dfa19d36e2d5df
-
SSDEEP
12288:vOUWc4yiz0563G+r0Lusi1BK3+jDG+r0BRnYOAHOA9V7tkw3SDxrlW+js:vmcFq3FwEkOjDFwfYOyD9f3SDBTjs
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 2 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings cmd.exe Key created \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings OpenWith.exe -
Suspicious use of SetWindowsHookEx 1 IoCs
pid Process 1092 OpenWith.exe
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\629f9e70b58afec57d995fc86da4dfb3b3f57fd5202a08b0a26d4be625f40a05.apk1⤵
- Modifies registry class
PID:844
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1092