Resubmissions

13/01/2025, 00:07 UTC

250113-aet59aymcl 3

11/01/2025, 23:31 UTC

250111-3h1resxjcl 10

11/01/2025, 23:29 UTC

250111-3g1p2awrgr 10

Analysis

  • max time kernel
    117s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    11/01/2025, 23:29 UTC

General

  • Target

    Drivers.tlog/link.command.1.tlog

  • Size

    1KB

  • MD5

    e4cb4b239e1add37d0e07c02a81561c2

  • SHA1

    de0f46b6173f37d8b37ab62d2732f97e9be0d867

  • SHA256

    83ddc68deb107edc2c7340e6cb9f0ab253a0973d1ab7c92f6979fa3513ca1f16

  • SHA512

    d86fe07e8dbe4d1b38e63a9d0494d05850f49b0de65d57e599b9a6e82e73c0fe722350f10836b45efdde6aa2f86b20dbdcace817f18ec680d218a6bd69c8d08e

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies registry class 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\Drivers.tlog\link.command.1.tlog
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1956
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Drivers.tlog\link.command.1.tlog
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:1960
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Drivers.tlog\link.command.1.tlog"
        3⤵
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2876

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

    Filesize

    3KB

    MD5

    cb5e5a2592a297819327742d5777d844

    SHA1

    2104dce104949d5aeaa9abf4d614e18fe85403a5

    SHA256

    6b6ee7f236311f7bddb4f286d71381eeed996ad3409b3165f6c80d67dc1760bd

    SHA512

    251e7d4cdf0144cf568886e244b8f754019089875d30d8fb55c8f8a00c4767fd7bc89dfc8337a84f6b2d0a241a22260331765622c2e79cbe7ab1e5b6b2127029
