0a560fa01d6e4eb30fe35be3b07e8024df212840d188bea1b2c047a6f0ffe2af

Analysis

max time kernel
120s
max time network
124s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
01/08/2023, 20:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Apt4bghcfgghbc1_browsingExe.exe
Size

9.0MB
MD5

07db6a7c01296be061a04820b0526656
SHA1

8fa2a7fa6e77a498a046df0b5537d9a308e5e45b
SHA256

0a560fa01d6e4eb30fe35be3b07e8024df212840d188bea1b2c047a6f0ffe2af
SHA512

357c3edb5a95628286539ca58a7b56c04846d3f74a0483203aa13487b388bf5fdcfa6cb828adac1847b07d05e670368c7a03535630917c9e98faccfead1351af
SSDEEP

98304:DxWbWjCKci+uyw1qDpsj97nsQ6rpKBFnAac3KaEMfHzjzCbBh+pJzg7hBP+qsIws:lgTwKWpOrYTAadMnzCb/VFV9

Score

6^/10

Malware Config

Signatures

Enumerates connected drives 3 TTPs 2 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\B:	Apt4bghcfgghbc1_browsingExe.exe
File opened (read-only)	\??\A:	Apt4bghcfgghbc1_browsingExe.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2676	Apt4bghcfgghbc1_browsingExe.exe

C:\Users\Admin\AppData\Local\Temp\Apt4bghcfgghbc1_browsingExe.exe
"C:\Users\Admin\AppData\Local\Temp\Apt4bghcfgghbc1_browsingExe.exe"
1⤵
- Enumerates connected drives
- Suspicious use of SetWindowsHookEx
PID:2676

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Windows 7 deprecation

Loading Replay Monitor...