Analysis
max time kernel: 27s
max time network: 30s
platform: windows7_x64
resource: win7-20230220-en
resource tags: arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
submitted: 29-05-2023 07:07
Behavioral task: behavioral1
Sample: faf8ff1494cd86df68533b06b059f0939d5c9e204169a0ae4e7a55ba99dfe9a6.exe
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: faf8ff1494cd86df68533b06b059f0939d5c9e204169a0ae4e7a55ba99dfe9a6.exe
Resource: win10v2004-20230220-en
General
Target: faf8ff1494cd86df68533b06b059f0939d5c9e204169a0ae4e7a55ba99dfe9a6.exe
Size: 3.3MB
MD5: 71941168e679741c72ed16e6d11afdde
SHA1: f4a541a6c2f79422d5ceb712670f7a70f8dc417d
SHA256: faf8ff1494cd86df68533b06b059f0939d5c9e204169a0ae4e7a55ba99dfe9a6
SHA512: ac5c9d09dffb5ff73c9e84a984680b59c45c6a4291387c3d426e62d5f2fed528a8a882f8c5c4d32dbacd87f7c1e2623885070d4bf0447ff297edde68410d63ff
SSDEEP: 49152:eR5kCZYmV8HMimGdsx1yTsQkEb11f3Ig+zzwD3WqrxAqsgtBRSC5NmVwD77YT:eRf0HMpukED7+za3M037
Malware Config
Signatures
Enumerates physical storage devices (1 TTPs)
Attempts to interact with connected storage/optical drive(s).
Suspicious use of SetWindowsHookEx (3 IoCs)
Processes (pid / process):
1740 faf8ff1494cd86df68533b06b059f0939d5c9e204169a0ae4e7a55ba99dfe9a6.exe
1740 faf8ff1494cd86df68533b06b059f0939d5c9e204169a0ae4e7a55ba99dfe9a6.exe
1740 faf8ff1494cd86df68533b06b059f0939d5c9e204169a0ae4e7a55ba99dfe9a6.exe
Processes
Network
MITRE ATT&CK Matrix ATT&CK v6
Downloads
C:\Users\Admin\AppData\Local\Temp\config.ini
Filesize: 20B
MD5: 9179d9a5b1fab288a4f1f9fbdb0d2e1c
SHA1: 338cef72da9bc61707a95fc7fb12789cdee6d383
SHA256: fa571b6600d9db9fade7fc554ed4796372c3df5756b332ed95c204adcda6871e
SHA512: 17112244e077ee549287fdc83f5a36a614343d144d95fe4a0f1aae40e71e34fb7bdd428927279d4e4bb4aa72d47bee7a0744c97de0234c3cfa29bfdeaeac96f7
memory/1740-54-0x0000000000400000-0x0000000000D27000-memory.dmp (Filesize: 9.2MB)
memory/1740-55-0x0000000000400000-0x0000000000D27000-memory.dmp (Filesize: 9.2MB)
memory/1740-56-0x0000000000400000-0x0000000000D27000-memory.dmp (Filesize: 9.2MB)
memory/1740-57-0x0000000000400000-0x0000000000D27000-memory.dmp (Filesize: 9.2MB)
memory/1740-58-0x0000000000400000-0x0000000000D27000-memory.dmp (Filesize: 9.2MB)
memory/1740-59-0x0000000000400000-0x0000000000D27000-memory.dmp (Filesize: 9.2MB)
memory/1740-60-0x0000000000230000-0x0000000000231000-memory.dmp (Filesize: 4KB)
memory/1740-66-0x0000000000400000-0x0000000000D27000-memory.dmp (Filesize: 9.2MB)
memory/1740-67-0x0000000000400000-0x0000000000D27000-memory.dmp (Filesize: 9.2MB)
memory/1740-68-0x0000000000400000-0x0000000000D27000-memory.dmp (Filesize: 9.2MB)
memory/1740-69-0x0000000000230000-0x0000000000231000-memory.dmp (Filesize: 4KB)