f1585ad53c0bb5e1c73570dd54994c7d91403327c9267394bafd9d9eee29616a

Analysis

max time kernel
141s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
20-08-2023 20:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f1585ad53c0bb5e1c73570dd54994c7d91403327c9267394bafd9d9eee29616a.exe
Size

10.7MB
MD5

35617d7fa552a2270d6b7de1e1d7aee5
SHA1

d4c7193f208f2ef48e408e7c89156cde212a283b
SHA256

f1585ad53c0bb5e1c73570dd54994c7d91403327c9267394bafd9d9eee29616a
SHA512

8463a389fa86e6cbd654f850cc503a271f441019a4a18c691caf81fb53065d598f6d1af200749960619ccc49c3d923e2595e3c9588a1b59cac1ecbc10348a33e
SSDEEP

196608:smrORfth5CHrzq/5B1Geje29QKOl+dVKq/pjliS5l/aFzyj+e+F5Jozz7pVswKKb:sC0fpG/qUeipl++8poWlSe+6vjlywmq

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1228	f1585ad53c0bb5e1c73570dd54994c7d91403327c9267394bafd9d9eee29616a.exe
1228	f1585ad53c0bb5e1c73570dd54994c7d91403327c9267394bafd9d9eee29616a.exe
1228	f1585ad53c0bb5e1c73570dd54994c7d91403327c9267394bafd9d9eee29616a.exe
1228	f1585ad53c0bb5e1c73570dd54994c7d91403327c9267394bafd9d9eee29616a.exe

C:\Users\Admin\AppData\Local\Temp\f1585ad53c0bb5e1c73570dd54994c7d91403327c9267394bafd9d9eee29616a.exe
"C:\Users\Admin\AppData\Local\Temp\f1585ad53c0bb5e1c73570dd54994c7d91403327c9267394bafd9d9eee29616a.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:1228

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\26038d13b2cfdb3622a1164ef9dee038.ini

Filesize
1KB

MD5
102b7611d97e9b54c2d9186fdfe8093e

SHA1
0e5b66573376a1d142bd7888d503d6a225700c09

SHA256
3724a79ebe4ff3566186ca92a653144865a7cccca188c7ecbe834fc6377b57b5

SHA512
2391218f587643b6bf1656a0a552226cf899a25c7e941d8ef2aff76aa7f5adf40ed2ca9749e982e385fb5c0404f4e857ad7d9965c03e7cabec1e989e3746ec59

Download Submit
C:\Users\Admin\AppData\Local\Temp\26038d13b2cfdb3622a1164ef9dee038A.ini

Filesize
1KB

MD5
42073a9a8000ac7089de18ffa2bb7dc4

SHA1
125bdeff9dd40770a89f61d9f2c364b1b452ee46

SHA256
32adc02530ef68b7217f03fc3d8d99737265572a65400312604d25a5bcd38a06

SHA512
8b151d92788dafd2d41ff7591c8e8e16985496d8a491b04036e792f3f2c4ea751cf184635d5b002a466da35670bdbc4f92db68a222c9beff8f3a99551aa298d4

Download Submit
C:\Users\Admin\AppData\Local\Temp\f1585ad53c0bb5e1c73570dd54994c7d91403327c9267394bafd9d9eee29616a.exepack.tmp

Filesize
2KB

MD5
59e9da0d744fcc9570ee6adf15707d0e

SHA1
34fa8914e7e2f1a45a9e022f3ee3be81bfdbeb5a

SHA256
509b1f2f4fe2fa372338c3ff54c91cedee7c32d7232191194d81ee033809ec5b

SHA512
133a3b22d843bd58c514ae6b6e97c8d2b9820f3b5d4ae516c6684d6132238facd61a4aebe197afd769af47baa80115e5c81217e1aed94507c5ccc2a5cf4a0533

Download Submit
memory/1228-133-0x0000000000400000-0x0000000001CF6000-memory.dmp

Filesize
25.0MB

Download
memory/1228-134-0x0000000003A80000-0x0000000003A83000-memory.dmp

Filesize
12KB

Download
memory/1228-135-0x0000000050000000-0x0000000050109000-memory.dmp

Filesize
1.0MB

Download
memory/1228-472-0x0000000000400000-0x0000000001CF6000-memory.dmp

Filesize
25.0MB

Download
memory/1228-473-0x0000000003A80000-0x0000000003A83000-memory.dmp

Filesize
12KB

Download
memory/1228-474-0x0000000050000000-0x0000000050109000-memory.dmp

Filesize
1.0MB

Download