Analysis
-
max time kernel
150s -
max time network
97s -
platform
windows10-1703_x64 -
resource
win10-20220901-en -
resource tags
-
submitted
20-09-2022 18:31
General
-
Target
449bb3487724f00431acb6e0a33dd9a1104368979333953ed9c24ffad3e3eb21.exe
-
Size
147KB
-
MD5
f0d2237a7a0c665012bbd85e1021c8a7
-
SHA1
9f25b85f6a69a78cdf3305b022770f72b7bc01bf
-
SHA256
449bb3487724f00431acb6e0a33dd9a1104368979333953ed9c24ffad3e3eb21
-
SHA512
c1f625db8281d0f490ddc7507dc1299626eb25d43e835be16a9b130d26e033233f0cbddfb4f52a6ea20574183db369c3f604100588ea5c1aea12b86c0cabf2ca
-
SSDEEP
3072:dhRn3pziDn5dXM7QUcjM3JeJxJgx3jCOj7PBUnqcEhx:NpzifKQOJeJxJgxh6qc
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Checks SCSI registry key(s) 3 TTPs 3 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious behavior: MapViewOfSection 19 IoCs
-
Suspicious use of WriteProcessMemory 33 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\449bb3487724f00431acb6e0a33dd9a1104368979333953ed9c24ffad3e3eb21.exe"C:\Users\Admin\AppData\Local\Temp\449bb3487724f00431acb6e0a33dd9a1104368979333953ed9c24ffad3e3eb21.exe"1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
-
C:\Windows\SysWOW64\explorer.exeC:\Windows\SysWOW64\explorer.exe1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe1⤵
-
C:\Windows\SysWOW64\explorer.exeC:\Windows\SysWOW64\explorer.exe1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe1⤵
-
C:\Windows\SysWOW64\explorer.exeC:\Windows\SysWOW64\explorer.exe1⤵
-
C:\Windows\SysWOW64\explorer.exeC:\Windows\SysWOW64\explorer.exe1⤵
-
C:\Windows\SysWOW64\explorer.exeC:\Windows\SysWOW64\explorer.exe1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe1⤵
-
C:\Windows\SysWOW64\explorer.exeC:\Windows\SysWOW64\explorer.exe1⤵
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
32KB
-
Filesize
44KB
-
Filesize
32KB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
20KB
-
Filesize
36KB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
20KB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
68KB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
68KB
-
Filesize
696KB
-
Filesize
1.6MB
-
Filesize
1.5MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
1.5MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
52KB
-
Filesize
28KB
-
Filesize
28KB
-
Filesize
36KB
-
Filesize
36KB
-
Filesize
60KB
-
Filesize
24KB
-
Filesize
24KB
-
Filesize
48KB
-
Filesize
156KB
-
Filesize
136KB
-
Filesize
44KB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
28KB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
28KB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
44KB
-
Filesize
24KB
-
Filesize
24KB
-
Filesize
36KB
-
Filesize
20KB