Analysis
- max time kernel: 15s
- max time network: 17s
- platform: windows10-1703_x64
- resource: win10-20240404-en
- resource tags: arch:x64, arch:x86, image:win10-20240404-en, locale:en-us, os:windows10-1703-x64, system
- submitted: 02-07-2024 14:01

Behavioral task
- behavioral1
- Sample: ElectricLauncher.7z
- Resource: win10-20240404-en (windows10-1703-x64)
- 4 signatures
- 150 seconds
General
- Target: ElectricLauncher.7z
- Size: 51.5MB
- MD5: cdb5e0ea8a50e1ed5e80f2fc70883550
- SHA1: b5075928e63a609ca7b61748a989de77fc092439
- SHA256: 01342213b45659a27b48f65b73b7043b84faba91ca8f80963560d824097e5ed1
- SHA512: 73fc72b19754f72ca6122c132851e2a7f95573d7f11a78ac01020a1fdd84e9fe54425de044814f517618224e6c9045ea1316b67f55976f19ae276fbc76e4e8b8
- SSDEEP: 786432:D1hq7lbHq0joZGThd/SLAqWBHK4A5ffZfewdfONYYGfXF6uIfrNaEU8ruVGwQeB+:DW9Hq0jy8hp9qW41ZWq3XF6S8rKB+
- Score: 3/10

Malware Config
Signatures
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).
- Modifies registry class (2 IoCs)
  Processes: cmd.exe, OpenWith.exe
  description | ioc | process
  Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings | cmd.exe
  Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings | OpenWith.exe
- Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
  Processes: OpenWith.exe
  pid | process
  2320 | OpenWith.exe
- Suspicious use of SetWindowsHookEx (23 IoCs)
  Processes: OpenWith.exe
  pid | process
  2320 | OpenWith.exe (same entry repeated 23 times, one per IoC)
Processes
- 1⤵ C:\Windows\system32\cmd.exe
  Command line: cmd /c C:\Users\Admin\AppData\Local\Temp\ElectricLauncher.7z
  - Modifies registry class
- 1⤵ C:\Windows\system32\OpenWith.exe
  Command line: C:\Windows\system32\OpenWith.exe -Embedding
  - Modifies registry class
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx