Resubmissions

18/01/2025, 02:47

250118-c9zekazras 7

18/01/2025, 02:38

250118-c42mqs1lbr 7

Analysis

  • max time kernel
    120s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    18/01/2025, 02:38

General

  • Target

    Project Iconic V3/Themes/Deep Blue Theme/config.gsc

  • Size

    14KB

  • MD5

    55ac410c549f03c32006051475ab65fe

  • SHA1

    0148a632612195040a9d817d4d5b3544354c2673

  • SHA256

    f21c2ea44fa080f301f407f719e04afabfccf7822096383b58f6143610bbfa1d

  • SHA512

    03b29cf20b6464fa339d4dbc8eec4efcf57b03fe2da98b3d63529d4ed64b8a5ae456ba5b8eb8e8b753f9892346a7669ce9a1b06813ae84415035721383d9f0fc

  • SSDEEP

    192:mM1yVqi1C63AP5n/+npbFIEU+lVizXUvy/ipjT/jTkP:mMfuAP5n/epbFIJ+ziqT/jTkP

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies registry class 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\Project Iconic V3\Themes\Deep Blue Theme\config.gsc"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2516
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Project Iconic V3\Themes\Deep Blue Theme\config.gsc
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2224
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Project Iconic V3\Themes\Deep Blue Theme\config.gsc"
        3⤵
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2724

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

          Filesize

          3KB

          MD5

          8023ff26b2626c96584b2e4e6eac937b

          SHA1

          71acb48c3e9b568e4e30a0bfe740b5d619d6e5d7

          SHA256

          3cdc64df436e4e7533a5d62fe369513e883aa144a28d6b5366c6d5843489763f

          SHA512

          21553e677d2f2a4dd6021b124588aceefeb9f1a81f0c35575bd15b587c5e3b34ae18e822945f979aa83f778ddd90436bf6e57860c5d77a8fe2441551931b1221