Analysis

  • max time kernel
    183s
  • max time network
    195s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    04/12/2022, 01:14

General

  • Target

    c7464e136d99764cc3b5d3e48e58a48ba6fe270c9cd28130cb6d7513106b5968.exe

  • Size

    127KB

  • MD5

    1cb8ed30a8b823c97e756093fca979a0

  • SHA1

    618cf805207bba375ce1cfc43f8529cc54733178

  • SHA256

    c7464e136d99764cc3b5d3e48e58a48ba6fe270c9cd28130cb6d7513106b5968

  • SHA512

    059ea6cf79b818767dc31fef6f9daf482fba3365f7b61790f5b96e2f29988be336a37aabc11ccfe757bd87793ae0c75adc03db5b96c346cdea6f8551ca0b4c34

  • SSDEEP

    1536:554Q19FUR8N01/H5WXDBVAEejK2Jsno/m/S4XN54Q19FUR8N:T4SAR8NmgFdAQyV4X4SAR8N

Score
8/10

Malware Config

Signatures

  • Drops file in Drivers directory 2 IoCs
  • Executes dropped EXE 2 IoCs
  • Drops startup file 1 IoCs
  • Enumerates connected drives 3 TTPs 1 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c7464e136d99764cc3b5d3e48e58a48ba6fe270c9cd28130cb6d7513106b5968.exe
    "C:\Users\Admin\AppData\Local\Temp\c7464e136d99764cc3b5d3e48e58a48ba6fe270c9cd28130cb6d7513106b5968.exe"
    1⤵
    • Drops file in Drivers directory
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1740
    • C:\Windows\SysWOW64\drivers\lsass.exe
      "C:\Windows\system32\drivers\lsass.exe"
      2⤵
      • Drops file in Drivers directory
      • Executes dropped EXE
      • Drops startup file
      • Enumerates connected drives
      • Suspicious use of SetWindowsHookEx
      PID:2116
    • C:\Users\Admin\AppData\Local\Temp\c7464e136d99764cc3b5d3e48e58a48ba6fe270c9cd28130cb6d7513106b5968.~tmp
      "C:\Users\Admin\AppData\Local\Temp\c7464e136d99764cc3b5d3e48e58a48ba6fe270c9cd28130cb6d7513106b5968.~tmp "
      2⤵
      • Executes dropped EXE
      PID:4312

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\Local\Temp\c7464e136d99764cc3b5d3e48e58a48ba6fe270c9cd28130cb6d7513106b5968.~tmp

    Filesize

    63KB

    MD5

    3dacf372b044e128fbf5025d5259fca7

    SHA1

    dbc538db7f624e7c369ded814fe36e2cee0bf335

    SHA256

    97b519a4b3612573fc0691b881d091c1591a0fea831ed85b44ec1bef79346133

    SHA512

    b569b395a1d218b01803e83a6c79af8b5708f2b47daef0e02d80c825278c67f68609e47f3b12c86859e3d0b2ad76250cdaee97d1a555276f5cbb37c3da985bcd

  • C:\Windows\SysWOW64\drivers\lsass.exe

    Filesize

    32KB

    MD5

    669ffd1dd6fb7a0e4ddbc3ad3b76507b

    SHA1

    372820d6b9350ad629a489d49876d8bd422b8f31

    SHA256

    7dc487e762e55ffa601480c4bc7948f85fcd4f025665ff599060ec1f81d7e986

    SHA512

    cd69694ad3316c768dbe0d1514060870568c67a50785b38d402eb16e94740c5ae351eb6d47284630a2505fac50c9777bedef85608571c85385b1b9c1f12d73f5