Overview

overview

7

Static

static

7

2e5916c4b5...ac.exe

windows7-x64

4

2e5916c4b5...ac.exe

windows10-2004-x64

4

Analysis

  • max time kernel
    140s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09-06-2023 19:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2e5916c4b50f3f7e56d49d2fdff5a3bf2cb4a3fdf46403d815f9a946e36aa1ac.exe

  • Size

    4.7MB

  • MD5

    89c7797b8fe0883049df911b08cdf5fc

  • SHA1

    79598aca41593bce9fe0bc8a9c9e34c61a10849f

  • SHA256

    2e5916c4b50f3f7e56d49d2fdff5a3bf2cb4a3fdf46403d815f9a946e36aa1ac

  • SHA512

    64b3e5819478183d95b496c8ac94dd29040eba579d4445703cdf2187faa6213a295d103e8a546c1f32811043440f4e857ce78c7a6f3d8fe8995b86c250e5c33d

  • SSDEEP

    98304:udvKr7N9PWSwWUYXYrOrvXQe/nJ8V0zRMwr5CrrG7fbGpBS:gmxNWLeXYrOZNrsr+bGnS

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2e5916c4b50f3f7e56d49d2fdff5a3bf2cb4a3fdf46403d815f9a946e36aa1ac.exe
    "C:\Users\Admin\AppData\Local\Temp\2e5916c4b50f3f7e56d49d2fdff5a3bf2cb4a3fdf46403d815f9a946e36aa1ac.exe"
    1⤵
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    PID:5084

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\ebest.ini
    Filesize

    85B

    MD5

    de7c394a7582f9be6e4c7495cb8cfaec

    SHA1

    b1d2f4bc738d68b5e17d6366a6e001a023d3a73d

    SHA256

    783fdbfd79e22c6bf2eef0ab6905c4c79796d6a4ffa553e656e36457ffdcdab1

    SHA512

    6db12cd4e77cca89ead788a9deb6cb17a8d877f07e671e79950af7fd4697f8030a4128e6f5a69673d742a00240f2f1d741318e7d542cd0583df9648a290a4588

    Download Submit
  • memory/5084-145-0x00000000035A0000-0x00000000035A1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/5084-135-0x0000000000400000-0x0000000001828000-memory.dmp
    Filesize

    20.2MB

    Download
  • memory/5084-136-0x0000000000400000-0x0000000001828000-memory.dmp
    Filesize

    20.2MB

    Download
  • memory/5084-137-0x00000000035A0000-0x00000000035A1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/5084-144-0x0000000000400000-0x0000000001828000-memory.dmp
    Filesize

    20.2MB

    Download
  • memory/5084-133-0x0000000000400000-0x0000000001828000-memory.dmp
    Filesize

    20.2MB

    Download
  • memory/5084-134-0x0000000000400000-0x0000000001828000-memory.dmp
    Filesize

    20.2MB

    Download
  • memory/5084-153-0x0000000000400000-0x0000000001828000-memory.dmp
    Filesize

    20.2MB

    Download
  • memory/5084-155-0x0000000000400000-0x0000000001828000-memory.dmp
    Filesize

    20.2MB

    Download
  • memory/5084-160-0x0000000000400000-0x0000000001828000-memory.dmp
    Filesize

    20.2MB

    Download
  • memory/5084-163-0x0000000000400000-0x0000000001828000-memory.dmp
    Filesize

    20.2MB

    Download
  • memory/5084-165-0x0000000000400000-0x0000000001828000-memory.dmp
    Filesize

    20.2MB

    Download