Analysis
-
max time kernel
151s -
max time network
124s -
platform
windows7_x64 -
resource
win7-20230712-en -
resource tags
-
submitted
26-07-2023 17:03
General
-
Target
x64.elf
-
Size
130B
-
MD5
b56959ff164d8f7ba900dd34b6441e96
-
SHA1
4ac524eb4b5a1393e815148bc15f1eb92b368924
-
SHA256
26f6af63d50641c16e65d7fe22e8675e0ecd4ffddf9fd1fc3652d862ef4e8f8e
-
SHA512
ebce3ea370d67f5a9202babc2fc58c5d9f1e301c3ca1de5ad30cb2e4273076005f2f8fa38d5340e60efffb03a894a462b6d88836fa82e1ba7205ca4169a57bd3
Score
3/10
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 9 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of SetWindowsHookEx 3 IoCs
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\x64.elf1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\x64.elf2⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\x64.elf"3⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEventsFilesize
3KB
MD5dda07bbba8913a05a36994d50846d4c2
SHA1ca46e3b7dd874f3912b79f5eaf41dcc86545ea34
SHA256b51e903d0cced27b7f8d383a43e888b26fc0809e3b993a7f0eccc055a81ac54d
SHA51268b195a889891af1f28b169bfedc7681e64c6a4528f0454426fdf4ce02564dd1e9de859bbc28e8e44db9588163a50987d9eb3c7d37cd1e486bd666809599629f