3332a269dc87f014664d74980cd47e6603b3f8b4878e9c49f4b92e7076f6ffe6

Analysis

max time kernel
141s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20230221-en
resource tags

arch:x64arch:x86image:win10v2004-20230221-enlocale:en-usos:windows10-2004-x64system
submitted
28/05/2023, 12:59

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

tmp.exe
Size

10.8MB
MD5

d5a47a3807510f55bfc731b0bacbcb1e
SHA1

8b9b85aeeec233bd711ca2da40c30f06e79de677
SHA256

3332a269dc87f014664d74980cd47e6603b3f8b4878e9c49f4b92e7076f6ffe6
SHA512

39d79800e29c8556fcff85f2a254c1ff9698e5b2df8953b1069e40f8f0c4815755386eda8bfe7ef44c8457f236b35fc4c4ad59caf4cff25c9973fc7c2dab2a7c
SSDEEP

196608:gHKuLDXhaKcvnCnfCxL/j0paYCcudu5dEaf9mWD4E0NnFAeSSQydsRPQNgi2K2h7:gdivCnfCa1+QdngXlRl2PQkk+

Score

10^/10

phishing

Malware Config

Signatures

Detected phishing page
phishing
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2584	tmp.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2584	tmp.exe
2584	tmp.exe
2584	tmp.exe
2584	tmp.exe

C:\Users\Admin\AppData\Local\Temp\tmp.exe
"C:\Users\Admin\AppData\Local\Temp\tmp.exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2584

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\21430330ec759baf43d11626abec7109.ini

Filesize
1KB

MD5
62e7be9d221089f1b49eff2ccc7f029d

SHA1
f2dd8baf40c4c0b025c0efc41b5146e1918a3fb4

SHA256
efcd6b3b53ea22379dd1ee80246264c2e5a4970c14d1676c50c4b1a99d312e91

SHA512
48a5eef6d46634dd00001d938c6fc96398be7cc87ede14254d0a6b2f37cb57d62fe94495e37db16a4b10bbe882e371c48b18f54a6fcc38c21caac39ca6b775bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\21430330ec759baf43d11626abec7109A.ini

Filesize
1KB

MD5
c7625c572201a26d7f6f7b3625df6e33

SHA1
6cbcfc17cfb70e8d21a6cba9feb94cff0875a232

SHA256
480c6c2feef7614db07c91a860d2ce22ff82c29847f797596148448f3d0cc41a

SHA512
857df42d0650da5fcfb60ee3566c79035c13b48c5dce86c5f87900b12b2ee6833c7292a7809a742367e9ea87b30c870e108b5199fddc402c26f269fb1e8fc6c9

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp.exepack.tmp

Filesize
2KB

MD5
efbbeaf9e8f9fb1315844af8ccad1f9e

SHA1
02f3f3f373d2f3c06e65502e69e7872fd5d326b8

SHA256
bc0ef46577579d3f5af14973073c4abaf5830bcdcc3166bee23e0ed3efd42923

SHA512
f13e54232aab75b5d578d62dde171c88998ec5b264886ea9a0c3a9a92ad3cb7726d3249308e0e258cead828508b767c46375d66ac967e39fdb308f8a88f4ff9f

Download Submit
memory/2584-499-0x0000000000400000-0x0000000001DA1000-memory.dmp

Filesize
25.6MB

Download
memory/2584-501-0x0000000000400000-0x0000000001DA1000-memory.dmp

Filesize
25.6MB

Download
memory/2584-135-0x0000000001F20000-0x0000000001F23000-memory.dmp

Filesize
12KB

Download
memory/2584-495-0x0000000000400000-0x0000000001DA1000-memory.dmp

Filesize
25.6MB

Download
memory/2584-496-0x0000000050000000-0x0000000050109000-memory.dmp

Filesize
1.0MB

Download
memory/2584-497-0x0000000000400000-0x0000000001DA1000-memory.dmp

Filesize
25.6MB

Download
memory/2584-498-0x0000000000400000-0x0000000001DA1000-memory.dmp

Filesize
25.6MB

Download
memory/2584-133-0x0000000000400000-0x0000000001DA1000-memory.dmp

Filesize
25.6MB

Download
memory/2584-500-0x0000000000400000-0x0000000001DA1000-memory.dmp

Filesize
25.6MB

Download
memory/2584-137-0x0000000050000000-0x0000000050109000-memory.dmp

Filesize
1.0MB

Download
memory/2584-505-0x0000000000400000-0x0000000001DA1000-memory.dmp

Filesize
25.6MB

Download
memory/2584-506-0x0000000000400000-0x0000000001DA1000-memory.dmp

Filesize
25.6MB

Download
memory/2584-507-0x0000000000400000-0x0000000001DA1000-memory.dmp

Filesize
25.6MB

Download
memory/2584-508-0x0000000000400000-0x0000000001DA1000-memory.dmp

Filesize
25.6MB

Download
memory/2584-509-0x0000000000400000-0x0000000001DA1000-memory.dmp

Filesize
25.6MB

Download
memory/2584-510-0x0000000000400000-0x0000000001DA1000-memory.dmp

Filesize
25.6MB

Download
memory/2584-511-0x0000000000400000-0x0000000001DA1000-memory.dmp

Filesize
25.6MB

Download
memory/2584-514-0x0000000000400000-0x0000000001DA1000-memory.dmp

Filesize
25.6MB

Download
memory/2584-515-0x0000000000400000-0x0000000001DA1000-memory.dmp

Filesize
25.6MB

Download