Analysis
-
max time kernel
45s -
platform
windows11-21h2_x64 -
resource
win11-20250313-en -
resource tags
-
submitted
31/03/2025, 21:39
General
-
Target
Rebound cleaned.rar
-
Size
7.1MB
-
MD5
36b500a94e380648d5600f1a3c9e7e18
-
SHA1
3d4c1d094ceea523af5140fe01c4e45c346dcb8c
-
SHA256
e632f6bb10cf0c3aa84bb2cddf770d25c887c8e0c213e4cde12edce6f5c3a4de
-
SHA512
58145d9d87c04e427d82daf3819deb5ba279916ec679333bc816727b0c30c5a5894274451854671b1901539a8a789ad04766a2b10ee5a9de2c753e1f09ddec30
-
SSDEEP
196608:EbsOSrF7vviY8PGJTwvWRhrlFzyQmlxcv2d4pq+:zOSrhxZTFRjsQmmp7
Malware Config
Signatures
-
Executes dropped EXE 2 IoCs
-
Program crash 2 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 2 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 3 IoCs
-
Suspicious use of FindShellTrayWindow 2 IoCs
Processes
-
C:\Program Files\7-Zip\7zFM.exe"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Rebound cleaned.rar"1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Users\Admin\Desktop\Rebound\Rebound\Rebound Server.exe"C:\Users\Admin\Desktop\Rebound\Rebound\Rebound Server.exe"1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4272 -s 7962⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 4272 -ip 42721⤵
-
C:\Users\Admin\Desktop\Rebound\Rebound\Rebound Server.exe"C:\Users\Admin\Desktop\Rebound\Rebound\Rebound Server.exe"1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 688 -s 7642⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 688 -ip 6881⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1KB
MD5a74dab3185ca47f60c3eb2a023cbb723
SHA1496e6dd69c241ba662c9d91a6274a1477a4d8f23
SHA2565bd80f95e6698c93044e18885ca1d234cc802b0b1e720d31e1d37b36eb6f4e5f
SHA512508ee8bd337a54ef243a3539f5c64140bc90a7c223c473849cad27ddfbe7b1c6489b72819591c92c5954d59adb91f91dd7f923220d47c9db23e94f72fe2f3d9d
-
Filesize
4.8MB
MD51215f4bd3d67150c9a339e693f73ef21
SHA138524ea5ee304eed197e25799ceb19e2db5e4bc9
SHA256ab9dabcb61d18c22ae9d265955d5aebd013ee6b8b2a00a91b8488bbfb92ee57b
SHA512200fbcb4bc41be2ace086a1f4a86ce64e0a4bb464c1be8e6a4871d410b63265a9e1e9ab00919404254399c6fede055d6082ed2edf0613834eb2b9f794793eb15
-
Filesize
684KB
-
Filesize
4KB
-
Filesize
4.9MB
