d922e0d2fffe34a5ac70f70368dec5b9f5971f65830dca87a551e4151f267494

Analysis

max time kernel
102s
max time network
167s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
29-10-2022 04:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d922e0d2fffe34a5ac70f70368dec5b9f5971f65830dca87a551e4151f267494.exe
Size

262KB
MD5

4439c67213abff6f90f2c654ec53598a
SHA1

ec6744aca93d9448edd700002249df9f62078fa9
SHA256

d922e0d2fffe34a5ac70f70368dec5b9f5971f65830dca87a551e4151f267494
SHA512

5545668627f8b0dad1f268bf34923bd52ee2178ad7295f92e71c016bcdaaaa31bfc8cf7803d977dd8abddf9ec3f6b857eff321217e65ef107b11a7501f30d9ba
SSDEEP

6144:qJmftP40X6qU03lvNSjULdO0bPLCAtciLf:qetPWqH3lvNSqw0rWiLf

Score

6^/10

Malware Config

Signatures

Maps connected drives based on registry 3 TTPs 2 IoCs

Disk information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\disk\enum	d922e0d2fffe34a5ac70f70368dec5b9f5971f65830dca87a551e4151f267494.exe
Key value enumerated	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum	d922e0d2fffe34a5ac70f70368dec5b9f5971f65830dca87a551e4151f267494.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\Tasks\JuiceUp.job	d922e0d2fffe34a5ac70f70368dec5b9f5971f65830dca87a551e4151f267494.exe

C:\Users\Admin\AppData\Local\Temp\d922e0d2fffe34a5ac70f70368dec5b9f5971f65830dca87a551e4151f267494.exe
"C:\Users\Admin\AppData\Local\Temp\d922e0d2fffe34a5ac70f70368dec5b9f5971f65830dca87a551e4151f267494.exe"
1⤵
- Maps connected drives based on registry
- Drops file in Windows directory
PID:5012

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/5012-132-0x0000000000A60000-0x0000000000A8F000-memory.dmp

Filesize
188KB

Download
memory/5012-136-0x0000000000AF0000-0x0000000000B17000-memory.dmp

Filesize
156KB

Download