Overview

overview

10

Static

static

10

grger/Anar...el.exe

windows10-2004-x64

10

grger/Anar...te.zip

windows10-2004-x64

1

Usrs.p12

windows10-2004-x64

7

grger/Anar...oG.dll

windows10-2004-x64

1

grger/Anar...uJ.dll

windows10-2004-x64

1

grger/Anar...qM.dll

windows10-2004-x64

1

grger/Anar...LC.dll

windows10-2004-x64

1

grger/Anar...wp.dll

windows10-2004-x64

1

grger/Anar...uZ.dll

windows10-2004-x64

1

grger/Anar...nG.dll

windows10-2004-x64

1

grger/Anar...TS.dll

windows10-2004-x64

1

grger/Anar...xj.dll

windows10-2004-x64

1

grger/Anar...pi.dll

windows10-2004-x64

1

grger/Anar...s4.dll

windows10-2004-x64

1

grger/Anar...Ya.dll

windows10-2004-x64

1

grger/Anar...Jn.dll

windows10-2004-x64

1

grger/Anar...GA.dll

windows10-2004-x64

1

grger/Anar...DG.dll

windows10-2004-x64

1

grger/Anar...5s.dll

windows10-2004-x64

1

grger/Anar...zK.dll

windows10-2004-x64

1

grger/Anar...2P.dll

windows10-2004-x64

1

grger/Anar...LS.dll

windows10-2004-x64

1

grger/Anar...S1.dll

windows10-2004-x64

1

grger/Anar...rs.p12

windows10-2004-x64

1

grger/Anar...b2.exe

windows10-2004-x64

7

grger/Anar...xe.xml

windows10-2004-x64

1

Analysis

  • max time kernel
    426s
  • max time network
    438s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250217-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250217-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26/02/2025, 05:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Usrs.p12

  • Size

    1KB

  • MD5

    2a180e4131ced95c6586902e5c0a471a

  • SHA1

    dde87d3d927ebc294854fc0f7eaee7a1735fb729

  • SHA256

    d6bb01668b946fbf19ab99771d942a96cebcbb98d521722091e17d98925fa2cd

  • SHA512

    d936e546114af9f1ce6de1163eea8a40f0f8c15c5bd8f91488e72bb2ac541a0920061fef252db6c8b3c12598b5c75e3522b08b6f47d57e1ad3f0f7c060a7c979

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Drops file in System32 directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    C:\Windows\system32\rundll32.exe cryptext.dll,CryptExtOpenPFX C:\Users\Admin\AppData\Local\Temp\Usrs.p12
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:4348
    • C:\Windows\System32\mmc.exe
      "C:\Windows\System32\mmc.exe" C:\Windows\system32\certmgr.msc /certmgr:FileName="C:\Users\Admin\AppData\Local\Temp\Usrs.p12"
      2⤵
      • Drops file in System32 directory
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:2988

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads