Analysis

  • max time kernel
    104s
  • max time network
    19s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    24-12-2024 20:24

General

  • Target

    Release/scripts/Sine Wave.lua

  • Size

    1KB

  • MD5

    0bbb2aebfadc119226992045dcaa30b4

  • SHA1

    6939f7c1f4fa7ac0f81e9dabef32fdb24d120e72

  • SHA256

    a5f5aca3ac216ac9040d0425eb52b1465674d8cd79d928474562d9a644ff4f0b

  • SHA512

    b433ad6f5d365c58e2260588fae7a3cbecbfe734daff125ce18b6673c629c1b6bccd6142ea49c2c77d57dbe9ab2d02b2897fd2d7c592d524952a62348715bbf8

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies registry class 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\Release\scripts\Sine Wave.lua"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2580
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Release\scripts\Sine Wave.lua
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2196
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Release\scripts\Sine Wave.lua"
        3⤵
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2996

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

    Filesize

    3KB

    MD5

    e204453b448c633925b46dcede013736

    SHA1

    cb073cf949e0e4f359fed09468ba0cf9f0501c71

    SHA256

    0aef8e5637ee4b56c01bf6c8c87c16478dfe27762c79eb0fa7840a9c1311d821

    SHA512

    36c847221e23f9d86138eefa2c0e4f31de40ab6f972967e0901bd8c0cbb173b5d5274a1b8616bf2c2e614a896e0ce52c3a00898a7e9356eaa91d0c155b615e45