Analysis
-
max time kernel
31s -
max time network
42s -
platform
windows10-2004_x64 -
resource
win10v2004-20230621-en -
resource tags
-
submitted
23-06-2023 22:56
General
-
Target
BruteForcers PACK/BruteForcers PACK/Spotify Brute Checker By ACTEAM/WebDriver/Launcher.exe
-
Size
53KB
-
MD5
c6d4c881112022eb30725978ecd7c6ec
-
SHA1
ba4f96dc374195d873b3eebdb28b633d9a1c5bf5
-
SHA256
0d87b9b141a592711c52e7409ec64de3ab296cddc890be761d9af57cea381b32
-
SHA512
3bece10b65dfda69b6defbf50d067a59d1cd1db403547fdf28a4cbc87c4985a4636acfcff8300bd77fb91f2693084634d940a91517c33b5425258835ab990981
-
SSDEEP
768:FKtnBTTQi/YqMFlVt52ftDhKeoNzZq8OujxUu5XEAb4b9yvMzUV5:qBTUgYFveDRuFEAb4b99QV5
Malware Config
Signatures
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\BruteForcers PACK\BruteForcers PACK\Spotify Brute Checker By ACTEAM\WebDriver\Launcher.exe"C:\Users\Admin\AppData\Local\Temp\BruteForcers PACK\BruteForcers PACK\Spotify Brute Checker By ACTEAM\WebDriver\Launcher.exe"1⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" add-mppreference -exclusionpath C:\Windows\IMF\2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_5rybzoop.wt4.ps1Filesize
60B
MD5d17fe0a3f47be24a6453e9ef58c94641
SHA16ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA25696ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA5125b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82
-
memory/3580-139-0x0000000004BC0000-0x0000000004BD0000-memory.dmpFilesize
64KB
-
memory/3580-135-0x0000000004AC0000-0x0000000004B52000-memory.dmpFilesize
584KB
-
memory/3580-136-0x0000000004DF0000-0x0000000004DFA000-memory.dmpFilesize
40KB
-
memory/3580-137-0x0000000004BC0000-0x0000000004BD0000-memory.dmpFilesize
64KB
-
memory/3580-138-0x0000000006250000-0x00000000062CE000-memory.dmpFilesize
504KB
-
memory/3580-133-0x0000000000250000-0x0000000000264000-memory.dmpFilesize
80KB
-
memory/3580-134-0x0000000005190000-0x0000000005734000-memory.dmpFilesize
5.6MB
-
memory/5116-141-0x00000000053A0000-0x00000000059C8000-memory.dmpFilesize
6.2MB
-
memory/5116-142-0x0000000004D60000-0x0000000004D70000-memory.dmpFilesize
64KB
-
memory/5116-143-0x0000000004D60000-0x0000000004D70000-memory.dmpFilesize
64KB
-
memory/5116-144-0x0000000005A00000-0x0000000005A22000-memory.dmpFilesize
136KB
-
memory/5116-145-0x0000000005BA0000-0x0000000005C06000-memory.dmpFilesize
408KB
-
memory/5116-146-0x0000000005C10000-0x0000000005C76000-memory.dmpFilesize
408KB
-
memory/5116-140-0x0000000004D00000-0x0000000004D36000-memory.dmpFilesize
216KB