9f84be3a53d5f2a03a9ec2e60093c70293e15fd91addeb3936fd1f8c3b013b1d.bin

General
Target

9f84be3a53d5f2a03a9ec2e60093c70293e15fd91addeb3936fd1f8c3b013b1d.bin.exe

Filesize

5MB

Completed

09-10-2020 13:11

Score
6 /10
MD5

127e7dce984cc0acea750746b485c101

SHA1

2e920f4583c38f811fdad739ebaf5064badec42d

SHA256

9f84be3a53d5f2a03a9ec2e60093c70293e15fd91addeb3936fd1f8c3b013b1d

Malware Config
Signatures 3

Filter: none

Discovery
  • Enumerates connected drives
    9f84be3a53d5f2a03a9ec2e60093c70293e15fd91addeb3936fd1f8c3b013b1d.bin.exe

    Description

    Attempts to read the root path of hard drives other than the default C: drive.

    TTPs

    Query RegistryPeripheral Device DiscoverySystem Information Discovery

    Reported IOCs

    descriptioniocprocess
    File opened (read-only)\??\M:9f84be3a53d5f2a03a9ec2e60093c70293e15fd91addeb3936fd1f8c3b013b1d.bin.exe
    File opened (read-only)\??\N:9f84be3a53d5f2a03a9ec2e60093c70293e15fd91addeb3936fd1f8c3b013b1d.bin.exe
    File opened (read-only)\??\V:9f84be3a53d5f2a03a9ec2e60093c70293e15fd91addeb3936fd1f8c3b013b1d.bin.exe
    File opened (read-only)\??\W:9f84be3a53d5f2a03a9ec2e60093c70293e15fd91addeb3936fd1f8c3b013b1d.bin.exe
    File opened (read-only)\??\H:9f84be3a53d5f2a03a9ec2e60093c70293e15fd91addeb3936fd1f8c3b013b1d.bin.exe
    File opened (read-only)\??\G:9f84be3a53d5f2a03a9ec2e60093c70293e15fd91addeb3936fd1f8c3b013b1d.bin.exe
    File opened (read-only)\??\I:9f84be3a53d5f2a03a9ec2e60093c70293e15fd91addeb3936fd1f8c3b013b1d.bin.exe
    File opened (read-only)\??\J:9f84be3a53d5f2a03a9ec2e60093c70293e15fd91addeb3936fd1f8c3b013b1d.bin.exe
    File opened (read-only)\??\P:9f84be3a53d5f2a03a9ec2e60093c70293e15fd91addeb3936fd1f8c3b013b1d.bin.exe
    File opened (read-only)\??\Q:9f84be3a53d5f2a03a9ec2e60093c70293e15fd91addeb3936fd1f8c3b013b1d.bin.exe
    File opened (read-only)\??\T:9f84be3a53d5f2a03a9ec2e60093c70293e15fd91addeb3936fd1f8c3b013b1d.bin.exe
    File opened (read-only)\??\Z:9f84be3a53d5f2a03a9ec2e60093c70293e15fd91addeb3936fd1f8c3b013b1d.bin.exe
    File opened (read-only)\??\A:9f84be3a53d5f2a03a9ec2e60093c70293e15fd91addeb3936fd1f8c3b013b1d.bin.exe
    File opened (read-only)\??\K:9f84be3a53d5f2a03a9ec2e60093c70293e15fd91addeb3936fd1f8c3b013b1d.bin.exe
    File opened (read-only)\??\L:9f84be3a53d5f2a03a9ec2e60093c70293e15fd91addeb3936fd1f8c3b013b1d.bin.exe
    File opened (read-only)\??\O:9f84be3a53d5f2a03a9ec2e60093c70293e15fd91addeb3936fd1f8c3b013b1d.bin.exe
    File opened (read-only)\??\R:9f84be3a53d5f2a03a9ec2e60093c70293e15fd91addeb3936fd1f8c3b013b1d.bin.exe
    File opened (read-only)\??\U:9f84be3a53d5f2a03a9ec2e60093c70293e15fd91addeb3936fd1f8c3b013b1d.bin.exe
    File opened (read-only)\??\X:9f84be3a53d5f2a03a9ec2e60093c70293e15fd91addeb3936fd1f8c3b013b1d.bin.exe
    File opened (read-only)\??\E:9f84be3a53d5f2a03a9ec2e60093c70293e15fd91addeb3936fd1f8c3b013b1d.bin.exe
    File opened (read-only)\??\F:9f84be3a53d5f2a03a9ec2e60093c70293e15fd91addeb3936fd1f8c3b013b1d.bin.exe
    File opened (read-only)\??\S:9f84be3a53d5f2a03a9ec2e60093c70293e15fd91addeb3936fd1f8c3b013b1d.bin.exe
    File opened (read-only)\??\Y:9f84be3a53d5f2a03a9ec2e60093c70293e15fd91addeb3936fd1f8c3b013b1d.bin.exe
    File opened (read-only)\??\B:9f84be3a53d5f2a03a9ec2e60093c70293e15fd91addeb3936fd1f8c3b013b1d.bin.exe
  • Suspicious behavior: EnumeratesProcesses
    9f84be3a53d5f2a03a9ec2e60093c70293e15fd91addeb3936fd1f8c3b013b1d.bin.exe

    Reported IOCs

    pidprocess
    34889f84be3a53d5f2a03a9ec2e60093c70293e15fd91addeb3936fd1f8c3b013b1d.bin.exe
    34889f84be3a53d5f2a03a9ec2e60093c70293e15fd91addeb3936fd1f8c3b013b1d.bin.exe
    34889f84be3a53d5f2a03a9ec2e60093c70293e15fd91addeb3936fd1f8c3b013b1d.bin.exe
    34889f84be3a53d5f2a03a9ec2e60093c70293e15fd91addeb3936fd1f8c3b013b1d.bin.exe
  • Suspicious use of AdjustPrivilegeToken
    9f84be3a53d5f2a03a9ec2e60093c70293e15fd91addeb3936fd1f8c3b013b1d.bin.exe

    Reported IOCs

    descriptionpidprocess
    Token: SeDebugPrivilege34889f84be3a53d5f2a03a9ec2e60093c70293e15fd91addeb3936fd1f8c3b013b1d.bin.exe
Processes 1
  • C:\Users\Admin\AppData\Local\Temp\9f84be3a53d5f2a03a9ec2e60093c70293e15fd91addeb3936fd1f8c3b013b1d.bin.exe
    "C:\Users\Admin\AppData\Local\Temp\9f84be3a53d5f2a03a9ec2e60093c70293e15fd91addeb3936fd1f8c3b013b1d.bin.exe"
    Enumerates connected drives
    Suspicious behavior: EnumeratesProcesses
    Suspicious use of AdjustPrivilegeToken
    PID:3488
Network
MITRE ATT&CK Matrix
Collection
    Command and Control
      Credential Access
        Defense Evasion
          Discovery
          Execution
            Exfiltration
              Impact
                Initial Access
                  Lateral Movement
                    Persistence
                      Privilege Escalation
                        Replay Monitor
                        00:00 00:00
                        Downloads