5d236ae1c9fcbfe8cc77b0981b4321ba5c83da0c776dd0f1e306643f6196c46f

Analysis

max time kernel
90s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
29-10-2022 08:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5d236ae1c9fcbfe8cc77b0981b4321ba5c83da0c776dd0f1e306643f6196c46f.exe
Size

258KB
MD5

3deebfc58d4c7e7f0b73224b1ae96846
SHA1

ce9cde28fc0655fb7375741674127262f95d5dc5
SHA256

5d236ae1c9fcbfe8cc77b0981b4321ba5c83da0c776dd0f1e306643f6196c46f
SHA512

46bf34f61a962fbfa1d3e390f403f29ccc665605cf4c3ca8a3478c709a734d17fac0fbde65b0e41b24592fac075b208ef97e6a6af673e0b2ba3db76c128d0161
SSDEEP

3072:0sm6DkCCvejdYeO5jwA4gZExUXnV3xqXivXioYDUuw+yCTBydE7J8DVHI:5DkFcdxSeUXV3sSvyvDUj6h7UVHI

Score

6^/10

Malware Config

Signatures

Maps connected drives based on registry 3 TTPs 2 IoCs

Disk information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\disk\enum	5d236ae1c9fcbfe8cc77b0981b4321ba5c83da0c776dd0f1e306643f6196c46f.exe
Key value enumerated	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum	5d236ae1c9fcbfe8cc77b0981b4321ba5c83da0c776dd0f1e306643f6196c46f.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\Tasks\MagicCast.job	5d236ae1c9fcbfe8cc77b0981b4321ba5c83da0c776dd0f1e306643f6196c46f.exe

C:\Users\Admin\AppData\Local\Temp\5d236ae1c9fcbfe8cc77b0981b4321ba5c83da0c776dd0f1e306643f6196c46f.exe
"C:\Users\Admin\AppData\Local\Temp\5d236ae1c9fcbfe8cc77b0981b4321ba5c83da0c776dd0f1e306643f6196c46f.exe"
1⤵
- Maps connected drives based on registry
- Drops file in Windows directory
PID:1332

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1332-132-0x00000000010B0000-0x00000000010DF000-memory.dmp

Filesize
188KB

Download
memory/1332-136-0x0000000001140000-0x0000000001167000-memory.dmp

Filesize
156KB

Download