f0b75ebd46b16f8a7b70027489bd12b1e350dc7386eddb1d85256482852deb37

Resubmissions

19/02/2025, 19:33

250219-x9z2baxlav 10

Analysis

max time kernel
124s
max time network
127s
platform
windows11-21h2_x64
resource
win11-20250218-en
resource tags

arch:x64arch:x86image:win11-20250218-enlocale:en-usos:windows11-21h2-x64system
submitted
19/02/2025, 20:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

arm.elf
Size

77KB
MD5

009e48bb599ed80b52a8a5cc7bcdc975
SHA1

5dfd4288668490822d98968874b39ab63e7e244a
SHA256

f0b75ebd46b16f8a7b70027489bd12b1e350dc7386eddb1d85256482852deb37
SHA512

af89c62c424b234dddf41f547ffe8cb896dcd4744dc4e3712fc8a45fe9124a839a561fc7d0cabfb9aa91d035e8eb0952dcd3467422c71e9eca2677f86976fe82
SSDEEP

1536:Kl3kUVLABJQz6bMbru06RR8gTVYn83ahWnUuqpX5WzEF35mWG:Klt6Ag+n8qhoeXF39

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2287204051-441334380-1151193565-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-2287204051-441334380-1151193565-1000_Classes\Local Settings	OpenWith.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1468	OpenWith.exe

Suspicious use of SetWindowsHookEx 15 IoCs

pid	Process
1468	OpenWith.exe
1468	OpenWith.exe
1468	OpenWith.exe
1468	OpenWith.exe
1468	OpenWith.exe
1468	OpenWith.exe
1468	OpenWith.exe
1468	OpenWith.exe
1468	OpenWith.exe
1468	OpenWith.exe
1468	OpenWith.exe
1468	OpenWith.exe
1468	OpenWith.exe
1468	OpenWith.exe
1468	OpenWith.exe

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\arm.elf
1⤵
- Modifies registry class
PID:5036

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1468

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --string-annotations --always-read-main-dll --field-trial-handle=5148,i,11614662984397188522,10052431758593679358,262144 --variations-seed-version --mojo-platform-channel-handle=3532 /prefetch:14
1⤵
PID:4780

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --string-annotations --always-read-main-dll --field-trial-handle=3808,i,11614662984397188522,10052431758593679358,262144 --variations-seed-version --mojo-platform-channel-handle=3864 /prefetch:14
1⤵
PID:1152

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads