Analysis
-
max time kernel
296s -
max time network
325s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
19-12-2024 22:52
General
-
Target
api-docs/_static/css/badge_only.css
-
Size
3KB
-
MD5
b079ffdefa644b4400f394fc27439f01
-
SHA1
a32b9b681626479775f9e7567f66535c982a18dc
-
SHA256
446d92df868859d07286f10a7bcf80aa89d72914c6b6d17b9bd6be181ee9a22d
-
SHA512
7444043434ac76844d9bd38de34dcb902633b99c4864dc453e23c02c7028141e2f456c97dd38e7873d176faa5cc469ae4e788ba12d9a8451e3c666c0e81b8bfa
Score
7/10
Malware Config
Signatures
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 1 IoCs
-
Suspicious use of WriteProcessMemory 2 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\api-docs\_static\css\badge_only.css1⤵
- Checks computer location settings
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\api-docs\_static\css\badge_only.css2⤵
-