09314afa7c2288fbc6cea5198ec3c53efd3cef88ba2d5ba104a1bb9e72e57462

Analysis

max time kernel
141s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
16/08/2023, 03:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

09314afa7c2288fbc6cea5198ec3c53efd3cef88ba2d5ba104a1bb9e72e57462.exe
Size

15.4MB
MD5

d5bc7e77b7bd6a74f7d8dafe8776a2ef
SHA1

90f4b8462c6ec5415e8ceedb52363c8d4a6d06ae
SHA256

09314afa7c2288fbc6cea5198ec3c53efd3cef88ba2d5ba104a1bb9e72e57462
SHA512

d25fa2da9335c147cd13c795f58a578943eeb4ab0d9ec9faaf6543239609bb553775740c6a419a6fdcace41e609433f5bd3ecc8964a12be2bd33610492dbd721
SSDEEP

393216:3VhgLN/qpGQLRetqfp9tcIdOAbfLt7WNcyJ7es68G:3VhgR/t4Hrt72cy5ib

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4648	09314afa7c2288fbc6cea5198ec3c53efd3cef88ba2d5ba104a1bb9e72e57462.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
4648	09314afa7c2288fbc6cea5198ec3c53efd3cef88ba2d5ba104a1bb9e72e57462.exe
4648	09314afa7c2288fbc6cea5198ec3c53efd3cef88ba2d5ba104a1bb9e72e57462.exe
4648	09314afa7c2288fbc6cea5198ec3c53efd3cef88ba2d5ba104a1bb9e72e57462.exe
4648	09314afa7c2288fbc6cea5198ec3c53efd3cef88ba2d5ba104a1bb9e72e57462.exe

C:\Users\Admin\AppData\Local\Temp\09314afa7c2288fbc6cea5198ec3c53efd3cef88ba2d5ba104a1bb9e72e57462.exe
"C:\Users\Admin\AppData\Local\Temp\09314afa7c2288fbc6cea5198ec3c53efd3cef88ba2d5ba104a1bb9e72e57462.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:4648

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\09314afa7c2288fbc6cea5198ec3c53efd3cef88ba2d5ba104a1bb9e72e57462.exepack.tmp

Filesize
2KB

MD5
21aa48867766e568147b201473fea385

SHA1
dc1850bc71e0fc490dbe20ac13ec2cebc380c485

SHA256
e9385421108ca10bc9947c245758dc796472453dcbd9c7f616e7d5b784208b35

SHA512
efed7e2653261a8394c834ccda42e24251718d2d879c7a5464b5b6462114b9739d79f6885d13a0832345a7c140879a24241be50e2466e706d29bfa6d66abc1c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\92348d5b60255c1807404911f08098a8.ini

Filesize
1KB

MD5
5ac58ca75a4642c6a08a93040815daa2

SHA1
3750f3124bab4b762c6b44095be5003ed016742f

SHA256
3dc8438858b9db4fc32a3ad3e69b1be2902e604e8bc36cdb0c216d3f9704779e

SHA512
6c2c5cdd6ba4fd7acd7c83b965874b85219c09a79b3857f20c29d1d33ae309ea04397b5ca2801902261c3e9c50e97d747bb8a027e7b8f1023fe2985c56fbd433

Download Submit
C:\Users\Admin\AppData\Local\Temp\92348d5b60255c1807404911f08098a8A.ini

Filesize
1KB

MD5
6fa3bed462f3f2b1c91e19b2728cba12

SHA1
540316478dd167a3475b4eba12ac10b7d2e6d8cb

SHA256
9922b069690809cfb1d3c1879207b6c39d9dfc7cbcd5b727478cb23f66eda251

SHA512
6333d78e5c638c37e5b2da7f47761351c88544f945d967676c8ff3ab46ffff0a0be4ef65e98ebf3c95f4962fe5ced73fd63362a01e1cfb40362636730f91b9c9

Download Submit
memory/4648-133-0x0000000000400000-0x0000000001DA1000-memory.dmp

Filesize
25.6MB

Download
memory/4648-134-0x0000000002030000-0x0000000002033000-memory.dmp

Filesize
12KB

Download
memory/4648-135-0x0000000000400000-0x0000000001DA1000-memory.dmp

Filesize
25.6MB

Download
memory/4648-138-0x0000000050000000-0x0000000050109000-memory.dmp

Filesize
1.0MB

Download
memory/4648-545-0x0000000000400000-0x0000000001DA1000-memory.dmp

Filesize
25.6MB

Download
memory/4648-546-0x0000000002030000-0x0000000002033000-memory.dmp

Filesize
12KB

Download
memory/4648-548-0x0000000050000000-0x0000000050109000-memory.dmp

Filesize
1.0MB

Download
memory/4648-549-0x0000000000400000-0x0000000001DA1000-memory.dmp

Filesize
25.6MB

Download