1faac9628c69d45396b85bf8f95506f3f9e854dd55caf707c9c30473ed54b855

Analysis

max time kernel
151s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
19-08-2023 20:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1faac9628c69d45396b85bf8f95506f3f9e854dd55caf707c9c30473ed54b855.exe
Size

15.1MB
MD5

cd489403b06f6f49e831cba9d11c5c2d
SHA1

2fc5df6de3810e7513c2bacfaf626ad6a8d6af2d
SHA256

1faac9628c69d45396b85bf8f95506f3f9e854dd55caf707c9c30473ed54b855
SHA512

bb360f20a30ac58a38f5e3165ef8242f1b649bce1631d6e5cb869c39039b55013e05e0478ea5c888a3619e39e8b074eb8e21f0c73c9daaaae6a4b76f990ea34e
SSDEEP

393216:X0RoCI93iOPCv8wOkvZkNV0Z+GQx5jtJSKVLngIXvdWifpm+U:kvVXXZr+d5xDNlffE+U

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
992	1faac9628c69d45396b85bf8f95506f3f9e854dd55caf707c9c30473ed54b855.exe
992	1faac9628c69d45396b85bf8f95506f3f9e854dd55caf707c9c30473ed54b855.exe
992	1faac9628c69d45396b85bf8f95506f3f9e854dd55caf707c9c30473ed54b855.exe
992	1faac9628c69d45396b85bf8f95506f3f9e854dd55caf707c9c30473ed54b855.exe

C:\Users\Admin\AppData\Local\Temp\1faac9628c69d45396b85bf8f95506f3f9e854dd55caf707c9c30473ed54b855.exe
"C:\Users\Admin\AppData\Local\Temp\1faac9628c69d45396b85bf8f95506f3f9e854dd55caf707c9c30473ed54b855.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:992

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\0e4145746810595388f18351d7794352.ini

Filesize
1KB

MD5
b5565e7d386c6b603bdc6f2e58f22671

SHA1
c22a23d6ec1ff71a0d996559d521968e857fea5c

SHA256
c641241e11d41a88aff0d2fd78d48ffa80f76deaf9e426e4f4c03ecf2f7a8857

SHA512
8ea10e085633107a3db32e907fcc70b8fdcefa831d868a24fd26954ebf1190388e1af7ef45e28916afee8ff0a4803d313b4e4736b511694892555e002efd8b21

Download Submit
C:\Users\Admin\AppData\Local\Temp\0e4145746810595388f18351d7794352A.ini

Filesize
1KB

MD5
01d7253b2811f64aac109b2e21f7bd6b

SHA1
d7a0e1ebe3d67eace273fccc14a684dea2a79a12

SHA256
897c780c9587b3b8c0fa55757b1e3db4b7297007c68a8a91f9257b0393d62d03

SHA512
1aab7f9ff5cf92495f1ec451201a5abe6b357375c8fbf5db536514ccd77fd36d78de974ff3dd0274f145ac593f1d9a85ac8e78779333ef972b42e08eae9782ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\1faac9628c69d45396b85bf8f95506f3f9e854dd55caf707c9c30473ed54b855.exepack.tmp

Filesize
2KB

MD5
d6c74fefb79577121a97843236743763

SHA1
a5a2c22a2c12f60c0911b98048f7085ada16302b

SHA256
a1420653f09ff14e77a93933921714ad4026589f6879b02784e2e24c608fb7b8

SHA512
46eb409538df975eb9d73c0584cfca82ea408585acb2cd55c5bfcfc353c8f5c1c604efc12dc215685bd284de16e422adfd7894e1c0111bbdc30cdff29a35a2c3

Download Submit
memory/992-133-0x0000000000400000-0x0000000001DFB000-memory.dmp

Filesize
26.0MB

Download
memory/992-134-0x0000000001FB0000-0x0000000001FB3000-memory.dmp

Filesize
12KB

Download
memory/992-135-0x0000000050000000-0x0000000050109000-memory.dmp

Filesize
1.0MB

Download
memory/992-484-0x0000000000400000-0x0000000001DFB000-memory.dmp

Filesize
26.0MB

Download
memory/992-485-0x0000000001FB0000-0x0000000001FB3000-memory.dmp

Filesize
12KB

Download
memory/992-486-0x0000000050000000-0x0000000050109000-memory.dmp

Filesize
1.0MB

Download