3e16d8a12c79ff6636295744cd1b5e5f743228b8e3789a9791c56667eae0f59d

Analysis

max time kernel
141s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
21/08/2023, 21:41

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

3e16d8a12c79ff6636295744cd1b5e5f743228b8e3789a9791c56667eae0f59d.exe
Size

15.7MB
MD5

0205a7cd17fc5a301a87caaa7579e1c6
SHA1

aa726e2bd87cebc266be8f8deee41e6393a4e329
SHA256

3e16d8a12c79ff6636295744cd1b5e5f743228b8e3789a9791c56667eae0f59d
SHA512

44395f0d6e18e6ecb194b41de97cd31b1d9b217c9dc2fb7fc29338887685ca5bacc4239b37c491e69908aae090781d23577a1b82814b4a87f3064d082ae160c7
SSDEEP

393216:CxYWfzYZogNhKKUjgxQ84IW6os4baOd0qGDlbGB17JPD6Q:COWLZB8xQ84IW6os4bxdXw0B17db

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2148	3e16d8a12c79ff6636295744cd1b5e5f743228b8e3789a9791c56667eae0f59d.exe
2148	3e16d8a12c79ff6636295744cd1b5e5f743228b8e3789a9791c56667eae0f59d.exe
2148	3e16d8a12c79ff6636295744cd1b5e5f743228b8e3789a9791c56667eae0f59d.exe
2148	3e16d8a12c79ff6636295744cd1b5e5f743228b8e3789a9791c56667eae0f59d.exe

C:\Users\Admin\AppData\Local\Temp\3e16d8a12c79ff6636295744cd1b5e5f743228b8e3789a9791c56667eae0f59d.exe
"C:\Users\Admin\AppData\Local\Temp\3e16d8a12c79ff6636295744cd1b5e5f743228b8e3789a9791c56667eae0f59d.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:2148

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\3e16d8a12c79ff6636295744cd1b5e5f743228b8e3789a9791c56667eae0f59d.exepack.tmp

Filesize
2KB

MD5
6b3747ca8078f728fc00dc2796f71fc4

SHA1
bb4b9520301274828143dec26504cd6f37a50cdf

SHA256
fa41dfa196c78b00dec06b3dddab74675c584ba4e67b0e9b28ecf0539a5cd6d5

SHA512
4622a257a09df52b3f9745d58ad94ae32f90f2a97d4e7233dc2a4ae6de09d5e447bcb5eaae36fd3fe976e2515f102b68472db79b25e6f1cc3fde6f82fa2d1fc2

Download Submit
C:\Users\Admin\AppData\Local\Temp\d82710a08b751f3c5867b26592d6f8d8.ini

Filesize
1KB

MD5
0b71fd9a1e78f49edbcf6511b831a4f6

SHA1
d2058875b71ac0dd8b3ee32cf79e536b4bd3ffc5

SHA256
48c6f5e8fe0e915678a7febf3b2b931dcfb9e008aac55e98bed7bbc415a9beb8

SHA512
24357b4db00fb670045eff90e80cab1c2447cd529be41a2576d84bf5fa02e7923bfb7c7305b87168cb0f9c6dad14add83548ceb19220b2e78d599d478fc4fec4

Download Submit
C:\Users\Admin\AppData\Local\Temp\d82710a08b751f3c5867b26592d6f8d8A.ini

Filesize
1KB

MD5
ac8e886c27400682c28817e7e7f13d9d

SHA1
d110cd45973fbb67acd3600609f1c94542c74123

SHA256
49454532373df728137855b74a1dc75b6f8049d6de151b606e526205354e7245

SHA512
e7aa00f450a1fe36cbd407ee1760e19b8a6eb8853dd5afc86d162194ef131282c0f781e94b8deb62ac751ca3a3e31649d0b803aafaeff16ca298c9c60a54f361

Download Submit
memory/2148-133-0x0000000000400000-0x0000000001DA2000-memory.dmp

Filesize
25.6MB

Download
memory/2148-134-0x0000000003B20000-0x0000000003B23000-memory.dmp

Filesize
12KB

Download
memory/2148-135-0x0000000000400000-0x0000000001DA2000-memory.dmp

Filesize
25.6MB

Download
memory/2148-138-0x0000000050000000-0x0000000050109000-memory.dmp

Filesize
1.0MB

Download
memory/2148-505-0x0000000000400000-0x0000000001DA2000-memory.dmp

Filesize
25.6MB

Download
memory/2148-506-0x0000000003B20000-0x0000000003B23000-memory.dmp

Filesize
12KB

Download
memory/2148-507-0x0000000050000000-0x0000000050109000-memory.dmp

Filesize
1.0MB

Download
memory/2148-508-0x0000000000400000-0x0000000001DA2000-memory.dmp

Filesize
25.6MB

Download