e27e498ba23b0d8944ffb8608eb0c954bf3ac5968e0983e821cef3572d56a887

Analysis

max time kernel
150s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
20-10-2022 09:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e27e498ba23b0d8944ffb8608eb0c954bf3ac5968e0983e821cef3572d56a887.exe
Size

96KB
MD5

75fa5f58c0ed4f3b7232cdb8c4df0c20
SHA1

406025fd2b74db7e9c72de8ed2d2ad3f5013d455
SHA256

e27e498ba23b0d8944ffb8608eb0c954bf3ac5968e0983e821cef3572d56a887
SHA512

c4fa4bb4699e4ba7ac9714faf51034fa56d0a0615cc8314828e66cf83a506482aa230eeecb20b79f67ad3d2edee103b17eee90fc7c002dc5b2eb8f0e37131af3
SSDEEP

1536:rnMq9kOQCYwsIPB8yAGVVyLH5GxVkbq10MyxiZYQxvNCQZEwaamdGPy5p1ui:LJfuq8IzyLHIDkbq1GulNCDAmkPop1d

Score

6^/10

discovery

Malware Config

Signatures

Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Scanning
T1046

Drops file in Windows directory 19 IoCs

description	ioc	Process
File opened for modification	C:\Windows\win32dc\Half-Life 2_hack.exe	e27e498ba23b0d8944ffb8608eb0c954bf3ac5968e0983e821cef3572d56a887.exe
File created	C:\Windows\win32dc\UT2004_crack.exe	e27e498ba23b0d8944ffb8608eb0c954bf3ac5968e0983e821cef3572d56a887.exe
File opened for modification	C:\Windows\win32dc\UT2004_crack.exe	e27e498ba23b0d8944ffb8608eb0c954bf3ac5968e0983e821cef3572d56a887.exe
File created	C:\Windows\win32dc\Half-Life 2(cheat).exe	e27e498ba23b0d8944ffb8608eb0c954bf3ac5968e0983e821cef3572d56a887.exe
File opened for modification	C:\Windows\win32dc\Silent Hill 4(fix).exe	e27e498ba23b0d8944ffb8608eb0c954bf3ac5968e0983e821cef3572d56a887.exe
File opened for modification	C:\Windows\win32dc\Sims 2 + serial.exe	e27e498ba23b0d8944ffb8608eb0c954bf3ac5968e0983e821cef3572d56a887.exe
File opened for modification	C:\Windows\win32dc\Sims 2(serial).exe	e27e498ba23b0d8944ffb8608eb0c954bf3ac5968e0983e821cef3572d56a887.exe
File created	C:\Windows\win32dc\Half-Life 2 + patch.exe	e27e498ba23b0d8944ffb8608eb0c954bf3ac5968e0983e821cef3572d56a887.exe
File opened for modification	C:\Windows\win32dc\Half-Life 2 trainer.exe	e27e498ba23b0d8944ffb8608eb0c954bf3ac5968e0983e821cef3572d56a887.exe
File created	C:\Windows\win32dc\BattleField 1942_serial.exe	e27e498ba23b0d8944ffb8608eb0c954bf3ac5968e0983e821cef3572d56a887.exe
File created	C:\Windows\win32dc\Sims 2 + serial.exe	e27e498ba23b0d8944ffb8608eb0c954bf3ac5968e0983e821cef3572d56a887.exe
File opened for modification	C:\Windows\win32dc\BattleField 1942 cheat.exe	e27e498ba23b0d8944ffb8608eb0c954bf3ac5968e0983e821cef3572d56a887.exe
File opened for modification	C:\Windows\win32dc\Half-Life 2 + patch.exe	e27e498ba23b0d8944ffb8608eb0c954bf3ac5968e0983e821cef3572d56a887.exe
File created	C:\Windows\win32dc\Half-Life 2 trainer.exe	e27e498ba23b0d8944ffb8608eb0c954bf3ac5968e0983e821cef3572d56a887.exe
File created	C:\Windows\win32dc\Half-Life 2_hack.exe	e27e498ba23b0d8944ffb8608eb0c954bf3ac5968e0983e821cef3572d56a887.exe
File opened for modification	C:\Windows\win32dc\Half-Life 2(cheat).exe	e27e498ba23b0d8944ffb8608eb0c954bf3ac5968e0983e821cef3572d56a887.exe
File created	C:\Windows\win32dc\Sims 2(serial).exe	e27e498ba23b0d8944ffb8608eb0c954bf3ac5968e0983e821cef3572d56a887.exe
File created	C:\Windows\win32dc\BattleField 1942 cheat.exe	e27e498ba23b0d8944ffb8608eb0c954bf3ac5968e0983e821cef3572d56a887.exe
File created	C:\Windows\win32dc\Silent Hill 4(fix).exe	e27e498ba23b0d8944ffb8608eb0c954bf3ac5968e0983e821cef3572d56a887.exe

C:\Users\Admin\AppData\Local\Temp\e27e498ba23b0d8944ffb8608eb0c954bf3ac5968e0983e821cef3572d56a887.exe
"C:\Users\Admin\AppData\Local\Temp\e27e498ba23b0d8944ffb8608eb0c954bf3ac5968e0983e821cef3572d56a887.exe"
1⤵
- Drops file in Windows directory
PID:4152

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Scanning

T1046

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads