88b7d2ad04b4cca29122b49f48423c5fa37d11d301d5770415bcee890df84d52

Analysis

max time kernel
99s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
01/10/2022, 19:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

88b7d2ad04b4cca29122b49f48423c5fa37d11d301d5770415bcee890df84d52.exe
Size

40KB
MD5

064a8aec1856ac4a92242fcff3dab6b0
SHA1

3cadd874458dfa1fa4b34907daeacb02194cab8b
SHA256

88b7d2ad04b4cca29122b49f48423c5fa37d11d301d5770415bcee890df84d52
SHA512

e91e5b58fcbf864bfac014d1245b0ad16f4bf76926a199a8a1fcecc58b3741c3acb3914093a072cbe05f1150c2a9da2e83ce21c81c218f8b242638c252703f6a
SSDEEP

768:K7UuSFW7moK/4Swj/SDGKV/KwWQpPp7lF2ajPBA:eUPFW7C41rSDpPp7lF8

Score

6^/10

Malware Config

Signatures

Maps connected drives based on registry 3 TTPs 2 IoCs

Disk information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum	88b7d2ad04b4cca29122b49f48423c5fa37d11d301d5770415bcee890df84d52.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\0	88b7d2ad04b4cca29122b49f48423c5fa37d11d301d5770415bcee890df84d52.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 3284 set thread context of 876	3284	88b7d2ad04b4cca29122b49f48423c5fa37d11d301d5770415bcee890df84d52.exe	84

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
3284	88b7d2ad04b4cca29122b49f48423c5fa37d11d301d5770415bcee890df84d52.exe
876	88b7d2ad04b4cca29122b49f48423c5fa37d11d301d5770415bcee890df84d52.exe
876	88b7d2ad04b4cca29122b49f48423c5fa37d11d301d5770415bcee890df84d52.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 3284 wrote to memory of 876	3284	88b7d2ad04b4cca29122b49f48423c5fa37d11d301d5770415bcee890df84d52.exe	84
PID 3284 wrote to memory of 876	3284	88b7d2ad04b4cca29122b49f48423c5fa37d11d301d5770415bcee890df84d52.exe	84
PID 3284 wrote to memory of 876	3284	88b7d2ad04b4cca29122b49f48423c5fa37d11d301d5770415bcee890df84d52.exe	84
PID 3284 wrote to memory of 876	3284	88b7d2ad04b4cca29122b49f48423c5fa37d11d301d5770415bcee890df84d52.exe	84
PID 3284 wrote to memory of 876	3284	88b7d2ad04b4cca29122b49f48423c5fa37d11d301d5770415bcee890df84d52.exe	84
PID 3284 wrote to memory of 876	3284	88b7d2ad04b4cca29122b49f48423c5fa37d11d301d5770415bcee890df84d52.exe	84
PID 3284 wrote to memory of 876	3284	88b7d2ad04b4cca29122b49f48423c5fa37d11d301d5770415bcee890df84d52.exe	84
PID 3284 wrote to memory of 876	3284	88b7d2ad04b4cca29122b49f48423c5fa37d11d301d5770415bcee890df84d52.exe	84
PID 3284 wrote to memory of 876	3284	88b7d2ad04b4cca29122b49f48423c5fa37d11d301d5770415bcee890df84d52.exe	84

C:\Users\Admin\AppData\Local\Temp\88b7d2ad04b4cca29122b49f48423c5fa37d11d301d5770415bcee890df84d52.exe
"C:\Users\Admin\AppData\Local\Temp\88b7d2ad04b4cca29122b49f48423c5fa37d11d301d5770415bcee890df84d52.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3284
- C:\Users\Admin\AppData\Local\Temp\88b7d2ad04b4cca29122b49f48423c5fa37d11d301d5770415bcee890df84d52.exe
  e|
  2⤵
  - Maps connected drives based on registry
  - Suspicious use of SetWindowsHookEx
  PID:876

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/876-135-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/876-137-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/876-141-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download