Analysis
- max time kernel: 24s
- max time network: 18s
- platform: windows10-1703_x64
- resource: win10-20240404-en
- resource tags: arch:x64, arch:x86, image:win10-20240404-en, locale:en-us, os:windows10-1703-x64, system
- submitted: 28-06-2024 16:57

Static task: static1 (1 signatures)

Behavioral task: behavioral1
- Sample: github.software.1.2.4.7z
- Resource: win10-20240404-en
- 4 signatures
- 150 seconds
General
- Target: github.software.1.2.4.7z
- Size: 2.2MB
- MD5: fc196986c45a667f813f725e47a4286b
- SHA1: 64f7672e8f95ff25ca3a0e3d37327a3abccdd00d
- SHA256: 387bac293a9a682a1bb6058e4468d8f1daeecdca56f99d2f8b1096c4a9073103
- SHA512: e76736fe6a660071bf7f0cd01b2943653b929f86fba76744461dc47ad7e848aa90bac3a263695b7ef2500917ac32cd0790d56c5a02c185dcb19b97b8c76e1aa8
- SSDEEP: 49152:W0zRTrJROFTEXMMpJcCk5M5HeQMsadFOI2os:prJ2EwCkJQvadFOIY
- Score: 3/10
Malware Config
Signatures
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).
- Modifies registry class (2 IoCs)
  Processes: cmd.exe, OpenWith.exe
  description / ioc / process:
  Key created / \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings / cmd.exe
  Key created / \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings / OpenWith.exe
- Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
  Processes: OpenWith.exe
  pid / process: 4428 / OpenWith.exe
- Suspicious use of SetWindowsHookEx (23 IoCs)
  Processes: OpenWith.exe
  pid / process: 4428 / OpenWith.exe (all 23 IoCs are from this same process)
Processes
- C:\Windows\system32\cmd.exe
  Command line: cmd /c C:\Users\Admin\AppData\Local\Temp\github.software.1.2.4.7z
  - Modifies registry class
- C:\Windows\system32\OpenWith.exe
  Command line: C:\Windows\system32\OpenWith.exe -Embedding
  - Modifies registry class
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
- C:\Windows\System32\rundll32.exe
  Command line: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding