afefa30a8cdf18d79896d63cc3151408a69529494b68b9574ab6844342b9d868

Analysis

max time kernel
150s
max time network
30s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
12-06-2023 20:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

afefa30a8cdf18d79896d63cc3151408a69529494b68b9574ab6844342b9d868.exe
Size

739KB
MD5

ba69211f77b4f7f6fb4cebe11a381060
SHA1

e8ebed16783fc96f7914f76136bfc31afde7532f
SHA256

afefa30a8cdf18d79896d63cc3151408a69529494b68b9574ab6844342b9d868
SHA512

030bca28fb3c9cf1e654987b75678d2d9547fa5dff68591516e90933bc95b6235609c9b46db01ae5ad40960678782079e9cd45dc40ddd5fa40db1f62f8c5766d
SSDEEP

12288:WnF4QZth68k2PiEYlJE8ZblbK/uxMdSneGoRWf5geGzDNqcJ1CwoZznZeKk9tkxt:WnqQZtpk2Piv5zO/3dSnQWf55GfNqcTC

Score

4^/10

Malware Config

Signatures

Drops file in Windows directory 2 IoCs

Processes:

afefa30a8cdf18d79896d63cc3151408a69529494b68b9574ab6844342b9d868.exe

description	ioc	process
File created	C:\Windows\ldsm.ini	afefa30a8cdf18d79896d63cc3151408a69529494b68b9574ab6844342b9d868.exe
File opened for modification	C:\Windows\ldsm.ini	afefa30a8cdf18d79896d63cc3151408a69529494b68b9574ab6844342b9d868.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 5 IoCs

Processes:

afefa30a8cdf18d79896d63cc3151408a69529494b68b9574ab6844342b9d868.exe

pid	process
1560	afefa30a8cdf18d79896d63cc3151408a69529494b68b9574ab6844342b9d868.exe
1560	afefa30a8cdf18d79896d63cc3151408a69529494b68b9574ab6844342b9d868.exe
1560	afefa30a8cdf18d79896d63cc3151408a69529494b68b9574ab6844342b9d868.exe
1560	afefa30a8cdf18d79896d63cc3151408a69529494b68b9574ab6844342b9d868.exe
1560	afefa30a8cdf18d79896d63cc3151408a69529494b68b9574ab6844342b9d868.exe

C:\Users\Admin\AppData\Local\Temp\afefa30a8cdf18d79896d63cc3151408a69529494b68b9574ab6844342b9d868.exe
"C:\Users\Admin\AppData\Local\Temp\afefa30a8cdf18d79896d63cc3151408a69529494b68b9574ab6844342b9d868.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
PID:1560

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1560-54-0x0000000000400000-0x000000000063E000-memory.dmp

Filesize
2.2MB

Download
memory/1560-56-0x0000000000400000-0x000000000063E000-memory.dmp

Filesize
2.2MB

Download
memory/1560-55-0x0000000000400000-0x000000000063E000-memory.dmp

Filesize
2.2MB

Download
memory/1560-60-0x0000000000400000-0x000000000063E000-memory.dmp

Filesize
2.2MB

Download
memory/1560-61-0x0000000001E30000-0x0000000001E40000-memory.dmp

Filesize
64KB

Download
memory/1560-62-0x0000000000400000-0x000000000063E000-memory.dmp

Filesize
2.2MB

Download
memory/1560-67-0x0000000000400000-0x000000000063E000-memory.dmp

Filesize
2.2MB

Download
memory/1560-68-0x0000000000400000-0x000000000063E000-memory.dmp

Filesize
2.2MB

Download
memory/1560-69-0x0000000000400000-0x000000000063E000-memory.dmp

Filesize
2.2MB

Download
memory/1560-70-0x0000000000400000-0x000000000063E000-memory.dmp

Filesize
2.2MB

Download
memory/1560-71-0x0000000000400000-0x000000000063E000-memory.dmp

Filesize
2.2MB

Download
memory/1560-72-0x0000000000400000-0x000000000063E000-memory.dmp

Filesize
2.2MB

Download
memory/1560-75-0x0000000001E30000-0x0000000001E40000-memory.dmp

Filesize
64KB

Download
memory/1560-78-0x0000000000400000-0x000000000063E000-memory.dmp

Filesize
2.2MB

Download