c3eaddd9acdd764afda51d1eb11d8a18c13a7f71cf8ac1817c24b752b26f3db1

Analysis

max time kernel
30s
max time network
34s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
21/11/2022, 09:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c3eaddd9acdd764afda51d1eb11d8a18c13a7f71cf8ac1817c24b752b26f3db1.exe
Size

47KB
MD5

316af3c44b3f7140e66d0a041080134e
SHA1

feb989fcd41f8a7ff0720fb21eb3cf13d5af669d
SHA256

c3eaddd9acdd764afda51d1eb11d8a18c13a7f71cf8ac1817c24b752b26f3db1
SHA512

a1c71482c41c973858f7cbd4a93ff330ae6ce81f873d1de5d80114d05e9281859cadf01666c031948f79b232fd599b11241630e5aefae3fea8a28d029e8f0df3
SSDEEP

768:3ZG/Vd4ikiazNTXDAwDNIlel0OgSCsAo16pMQ+ol/xRxe:Q9t65Nyel0iAo16Sol5

Score

6^/10

Malware Config

Signatures

Enumerates connected drives 3 TTPs 2 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\A:	c3eaddd9acdd764afda51d1eb11d8a18c13a7f71cf8ac1817c24b752b26f3db1.exe
File opened (read-only)	\??\B:	c3eaddd9acdd764afda51d1eb11d8a18c13a7f71cf8ac1817c24b752b26f3db1.exe

C:\Users\Admin\AppData\Local\Temp\c3eaddd9acdd764afda51d1eb11d8a18c13a7f71cf8ac1817c24b752b26f3db1.exe
"C:\Users\Admin\AppData\Local\Temp\c3eaddd9acdd764afda51d1eb11d8a18c13a7f71cf8ac1817c24b752b26f3db1.exe"
1⤵
- Enumerates connected drives
PID:2040

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2040-54-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download