Analysis

  • max time kernel
    147s
  • max time network
    141s
  • platform
    windows10_x64
  • resource
    win10v20210410
  • submitted
    13-05-2021 12:55

General

  • Target

    204308e00ecfd13d39503dc525fccc5393483948e4c8640a1b21d616e1c4ebed.exe

  • Size

    3.9MB

  • MD5

    bca6b95784be22950d3c68f7c021418b

  • SHA1

    a80dbf95d96ab9402e644eb1e271a9431bbc7b53

  • SHA256

    204308e00ecfd13d39503dc525fccc5393483948e4c8640a1b21d616e1c4ebed

  • SHA512

    00db30ff69cb35c301b4a4d52778414e4e176ef183da1da587df63069706cfa0c62d72fa4e010c05241bc25e182c6e5183a40d7e61a2e15924d875068e533f08

Score
6/10

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 2 IoCs
  • Drops autorun.inf file 1 TTPs

    Malware can abuse Windows Autorun to spread further via attached volumes.

  • Drops file in Program Files directory 64 IoCs
  • NTFS ADS 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\204308e00ecfd13d39503dc525fccc5393483948e4c8640a1b21d616e1c4ebed.exe
    "C:\Users\Admin\AppData\Local\Temp\204308e00ecfd13d39503dc525fccc5393483948e4c8640a1b21d616e1c4ebed.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Program Files directory
    • NTFS ADS
    • Suspicious use of SetWindowsHookEx
    PID:1852

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Replication Through Removable Media

1
T1091

Persistence

Registry Run Keys / Startup Folder

1
T1060

Defense Evasion

Modify Registry

1
T1112

Lateral Movement

Replication Through Removable Media

1
T1091

Replay Monitor

Loading Replay Monitor...

Downloads