bc2d002a880677ba93463f13725d55d03427b7e84ccd4b8daef424bf533b993a

Analysis

max time kernel
142s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
17/08/2023, 21:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bc2d002a880677ba93463f13725d55d03427b7e84ccd4b8daef424bf533b993a.exe
Size

12.9MB
MD5

3b291a42dcaf090beba942307ca8b970
SHA1

09619eb8b9407f01d72ada16d17849c560cf8aae
SHA256

bc2d002a880677ba93463f13725d55d03427b7e84ccd4b8daef424bf533b993a
SHA512

584cf1f4cc0e9933a2c0f73e66e2b036b59b7186c2d9099619d5e1cb75a6992fb0979205f4e16762a4358f6c2828392a0f17f52a468caba221e129c7711612bd
SSDEEP

196608:QEbzn1yKTsy0LScY2q6mHwqrfYIj7SEZI3OFtk1+gM2ukFmorPkUUnBgLlvNhf:Hroxe/HwaAISEZIogM2bLPk1W5VN

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
4044	bc2d002a880677ba93463f13725d55d03427b7e84ccd4b8daef424bf533b993a.exe
4044	bc2d002a880677ba93463f13725d55d03427b7e84ccd4b8daef424bf533b993a.exe
4044	bc2d002a880677ba93463f13725d55d03427b7e84ccd4b8daef424bf533b993a.exe
4044	bc2d002a880677ba93463f13725d55d03427b7e84ccd4b8daef424bf533b993a.exe

C:\Users\Admin\AppData\Local\Temp\bc2d002a880677ba93463f13725d55d03427b7e84ccd4b8daef424bf533b993a.exe
"C:\Users\Admin\AppData\Local\Temp\bc2d002a880677ba93463f13725d55d03427b7e84ccd4b8daef424bf533b993a.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:4044

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\96d012be3be7d8333b162802240d96a2.ini

Filesize
1KB

MD5
0f174a34854042fb7da145de2c45b1f1

SHA1
49980acdbdd3a0e91fa2a9be86ba081a83d902e2

SHA256
ff767955d5a7b7ab8149956bfe7bdef938fb1c9af5195a7415a3561d1c92c9e1

SHA512
4e843ce2e6383a4fe285bc91574575b23419dc501042cc0836994e9dbb2735d55a076c1a6a4a318bafbd18bfaa7667efdbb717b3b1afaf0f84bb88523b1d425c

Download Submit
C:\Users\Admin\AppData\Local\Temp\96d012be3be7d8333b162802240d96a2A.ini

Filesize
1KB

MD5
440d1013b7d901c6d36bdda83ecf6d97

SHA1
9869369bd47c7903c01d9d1b4c8d2acb483a7936

SHA256
38a4e0c17fa16216c81c4ba0a9cec6708c728ca1215e0b6244bd4129d519b6c8

SHA512
014fd73d28e6533735aada7ed03a31eb2d15ab0d9d2629b42f5e72b252c1c5cf95df2bfba93892b2e5abb90ff7915b5f1767fef212974a58fbb036b99de33c39

Download Submit
C:\Users\Admin\AppData\Local\Temp\bc2d002a880677ba93463f13725d55d03427b7e84ccd4b8daef424bf533b993a.exepack.tmp

Filesize
2KB

MD5
3d17e48ad9d157f02c8280420e791fda

SHA1
32d3fd64b69205052365127a298e7141a07140e5

SHA256
b68f3946eb230a1cb7e6cbf8b2e8bf86f6d2ac79612cfaba64b7b6f22c0f9b65

SHA512
c062d41054728e91a580783ddd165b26c5a3d91389f050fbdfd59bf6047b9f73de12776dc115d9a6a0b4d7a5fbb3c099cf28cf983c7171df490c340cf7239b38

Download Submit
memory/4044-133-0x0000000000400000-0x0000000001DA1000-memory.dmp

Filesize
25.6MB

Download
memory/4044-134-0x0000000002380000-0x0000000002383000-memory.dmp

Filesize
12KB

Download
memory/4044-135-0x0000000050000000-0x0000000050109000-memory.dmp

Filesize
1.0MB

Download
memory/4044-481-0x0000000000400000-0x0000000001DA1000-memory.dmp

Filesize
25.6MB

Download
memory/4044-482-0x0000000002380000-0x0000000002383000-memory.dmp

Filesize
12KB

Download
memory/4044-483-0x0000000050000000-0x0000000050109000-memory.dmp

Filesize
1.0MB

Download