Analysis
-
max time kernel
118s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
19-12-2024 14:36
General
-
Target
SHIPPING DOCS.exe
-
Size
849KB
-
MD5
5a64804962a10779c0719950f5345b89
-
SHA1
2321320b07502e61282a725863db63b2caedb17b
-
SHA256
e08ad43582a8131754e852588855dcf229592e9916d85fd83bcf87ec606be50e
-
SHA512
507d5425bbd63cbde0d5bd6dc319e70efc96c160555cd285b57c46f549cbc112f743af395acc27ae08119736dcffd54a7482426d8aff7aa0bb2982bab3457445
-
SSDEEP
12288:rLkcoxg7v3qnC11ErwIhh0F4qwUgUny5QLjh1ikm8Cy+A3/CFMZHgqB2O:ffmMv6Ckr7Mny5QLjzikLj73qFMZHj
Score
3/10
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 1 IoCs
Adversaries may check for Internet connectivity on compromised systems.
-
Suspicious use of FindShellTrayWindow 2 IoCs
-
Suspicious use of SendNotifyMessage 2 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\SHIPPING DOCS.exe"C:\Users\Admin\AppData\Local\Temp\SHIPPING DOCS.exe"1⤵
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
16KB