70e54b35d9820311a927503d1d4c530689c9678277a21f493be5dda880fa5451

Resubmissions

08/06/2023, 08:00

230608-jv77gsdg2v 7

07/06/2023, 06:45

230607-hh6mfsha86 7

Analysis

max time kernel
130s
max time network
143s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
08/06/2023, 08:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

download.exe
Size

60KB
MD5

d720952c388ec9d478794d060f3aa0a6
SHA1

bddaec084ea00b16b03fbff8377cd7cd1abb6e81
SHA256

70e54b35d9820311a927503d1d4c530689c9678277a21f493be5dda880fa5451
SHA512

1b2de0189b2ee9b79f1c6c6ea641cc20cf9aafa5bea127918ed46ecd9609d1b477416e93d76083024a56cf76ec1bfac52203aa326732a9865b30747c93f002e5
SSDEEP

768:Apa76VqlKcjF7KjiFb8Vb8fbADbnQOw9v3aFWqYQN1wFTJOo8jH:Apa2pWRKjlb88ni9v3TQN1wHmjH

Score

7^/10

Malware Config

Signatures

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\download.lnk	download.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1212	download.exe

C:\Users\Admin\AppData\Local\Temp\download.exe
"C:\Users\Admin\AppData\Local\Temp\download.exe"
1⤵
- Drops startup file
- Suspicious use of SetWindowsHookEx
PID:1212

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads