Analysis
-
max time kernel
150s -
max time network
30s -
platform
windows7_x64 -
resource
win7-20230220-en -
resource tags
arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system -
submitted
12-06-2023 20:50
Behavioral task
behavioral1
Sample
afefa30a8cdf18d79896d63cc3151408a69529494b68b9574ab6844342b9d868.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
afefa30a8cdf18d79896d63cc3151408a69529494b68b9574ab6844342b9d868.exe
Resource
win10v2004-20230220-en
General
-
Target
afefa30a8cdf18d79896d63cc3151408a69529494b68b9574ab6844342b9d868.exe
-
Size
739KB
-
MD5
ba69211f77b4f7f6fb4cebe11a381060
-
SHA1
e8ebed16783fc96f7914f76136bfc31afde7532f
-
SHA256
afefa30a8cdf18d79896d63cc3151408a69529494b68b9574ab6844342b9d868
-
SHA512
030bca28fb3c9cf1e654987b75678d2d9547fa5dff68591516e90933bc95b6235609c9b46db01ae5ad40960678782079e9cd45dc40ddd5fa40db1f62f8c5766d
-
SSDEEP
12288:WnF4QZth68k2PiEYlJE8ZblbK/uxMdSneGoRWf5geGzDNqcJ1CwoZznZeKk9tkxt:WnqQZtpk2Piv5zO/3dSnQWf55GfNqcTC
Malware Config
Signatures
-
Drops file in Windows directory 2 IoCs
Processes:
afefa30a8cdf18d79896d63cc3151408a69529494b68b9574ab6844342b9d868.exedescription ioc process File created C:\Windows\ldsm.ini afefa30a8cdf18d79896d63cc3151408a69529494b68b9574ab6844342b9d868.exe File opened for modification C:\Windows\ldsm.ini afefa30a8cdf18d79896d63cc3151408a69529494b68b9574ab6844342b9d868.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of SetWindowsHookEx 5 IoCs
Processes:
afefa30a8cdf18d79896d63cc3151408a69529494b68b9574ab6844342b9d868.exepid process 1560 afefa30a8cdf18d79896d63cc3151408a69529494b68b9574ab6844342b9d868.exe 1560 afefa30a8cdf18d79896d63cc3151408a69529494b68b9574ab6844342b9d868.exe 1560 afefa30a8cdf18d79896d63cc3151408a69529494b68b9574ab6844342b9d868.exe 1560 afefa30a8cdf18d79896d63cc3151408a69529494b68b9574ab6844342b9d868.exe 1560 afefa30a8cdf18d79896d63cc3151408a69529494b68b9574ab6844342b9d868.exe