Overview

overview

10

Static

static

10

7e9c54a294...cf.elf

windows11-21h2-x64

3

Resubmissions

10/03/2025, 02:32

250310-c1rncszms6 10

10/03/2025, 02:32

250310-c1dfqszl17 10

Analysis

  • max time kernel
    424s
  • max time network
    430s
  • platform
    windows11-21h2_x64
  • resource
    win11-20250217-en
  • resource tags

    arch:x64arch:x86image:win11-20250217-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    10/03/2025, 02:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7e9c54a294c4bde2a405d9eed1717a20e2c182014b68aa34aef2b3d00bc1dacf.elf

  • Size

    125KB

  • MD5

    f4a3eead7fc9ca7164d961861482da25

  • SHA1

    b883aebf5d81024e0f6410ecc0a61fd2c2906726

  • SHA256

    7e9c54a294c4bde2a405d9eed1717a20e2c182014b68aa34aef2b3d00bc1dacf

  • SHA512

    3df96d8cff684392ba9fc65542e859d10466512d94c4941b02025ece52d84ac09b1eafa0b9046b8ac5875499a1ec2f1c2f20820f2ad54be157a2e43a5c08dd06

  • SSDEEP

    3072:RJXsDiU0lpN+gt2vt/VvjbipLBP+/eylaICp:m0lpN+LvtwL3ylaTp

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 16 IoCs
  • Suspicious behavior: AddClipboardFormatListener 2 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 22 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\7e9c54a294c4bde2a405d9eed1717a20e2c182014b68aa34aef2b3d00bc1dacf.elf
    1⤵
    • Modifies registry class
    PID:3364
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4224
    • C:\Program Files\Microsoft Office\root\Office16\Winword.exe
      "C:\Program Files\Microsoft Office\root\Office16\Winword.exe" /n "C:\Users\Admin\AppData\Local\Temp\7e9c54a294c4bde2a405d9eed1717a20e2c182014b68aa34aef2b3d00bc1dacf.elf"
      2⤵
      • Checks processor information in registry
      • Enumerates system info in registry
      • Suspicious behavior: AddClipboardFormatListener
      • Suspicious use of SetWindowsHookEx
      PID:3908

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\TCD2D84.tmp\sist02.xsl
    Filesize

    245KB

    MD5

    f883b260a8d67082ea895c14bf56dd56

    SHA1

    7954565c1f243d46ad3b1e2f1baf3281451fc14b

    SHA256

    ef4835db41a485b56c2ef0ff7094bc2350460573a686182bc45fd6613480e353

    SHA512

    d95924a499f32d9b4d9a7d298502181f9e9048c21dbe0496fa3c3279b263d6f7d594b859111a99b1a53bd248ee69b867d7b1768c42e1e40934e0b990f0ce051e

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms
    Filesize

    3KB

    MD5

    0f121896ae6bf6ca4f142ca14f8419cd

    SHA1

    4c201c0816b7cc59ad4d053b8b106fcaa53d061c

    SHA256

    7cb85fafb557bb4fbf535c01329172f1ad40e71750c648863d4ba2ab7b66899c

    SHA512

    791be7406047d120fb26950728d0979ab6530930988d8566bc951415e47be5f55041bdedb97a7c68f9d0941e5f476e3ea817748ddf5b2c62f696d1f425b596e9

    Download Submit

  • memory/3908-6-0x00007FFD03C30000-0x00007FFD03C40000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3908-1-0x00007FFD063B0000-0x00007FFD063C0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3908-0-0x00007FFD063B0000-0x00007FFD063C0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3908-5-0x00007FFD03C30000-0x00007FFD03C40000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3908-4-0x00007FFD063B0000-0x00007FFD063C0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3908-2-0x00007FFD063B0000-0x00007FFD063C0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3908-3-0x00007FFD063B0000-0x00007FFD063C0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3908-163-0x00007FFD063B0000-0x00007FFD063C0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3908-164-0x00007FFD063B0000-0x00007FFD063C0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3908-166-0x00007FFD063B0000-0x00007FFD063C0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3908-165-0x00007FFD063B0000-0x00007FFD063C0000-memory.dmp

    Filesize

    64KB

    Download