33676239224911d6e9c2034526d802b137a5cd4ed72ae13544e75d13698a4c31

Analysis

max time kernel
141s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
21/08/2023, 18:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

33676239224911d6e9c2034526d802b137a5cd4ed72ae13544e75d13698a4c31.exe
Size

11.2MB
MD5

a94b04df7dd45841b8a672ee74c8bc5b
SHA1

dbb1e80d702f5efa733e816b937bd2fc9936c7e6
SHA256

33676239224911d6e9c2034526d802b137a5cd4ed72ae13544e75d13698a4c31
SHA512

336748f97032492e16dba9e022e8a2a11b0ac7e68c10d0e6dc35a788c8005af3900cb31d83b0492ca4a6bbfba95c029d47b208dcebce535623d7bf33bc781058
SSDEEP

196608:nkfN6ftJRNx3Kqt3RPcZWrduzuMfCFpDLwJm10btyC2waYF16g/XUY69vLRN/6Ea:nkfN6ftTvmYduzuMwDkjkC2w3fXD6bZM

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2820	33676239224911d6e9c2034526d802b137a5cd4ed72ae13544e75d13698a4c31.exe
2820	33676239224911d6e9c2034526d802b137a5cd4ed72ae13544e75d13698a4c31.exe
2820	33676239224911d6e9c2034526d802b137a5cd4ed72ae13544e75d13698a4c31.exe
2820	33676239224911d6e9c2034526d802b137a5cd4ed72ae13544e75d13698a4c31.exe

C:\Users\Admin\AppData\Local\Temp\33676239224911d6e9c2034526d802b137a5cd4ed72ae13544e75d13698a4c31.exe
"C:\Users\Admin\AppData\Local\Temp\33676239224911d6e9c2034526d802b137a5cd4ed72ae13544e75d13698a4c31.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:2820

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\33676239224911d6e9c2034526d802b137a5cd4ed72ae13544e75d13698a4c31.exepack.tmp

Filesize
2KB

MD5
ab389096c78d7425580e15045223492d

SHA1
2ec807f5133bfb3a3180bc84a7ef2c2ce322b6b2

SHA256
18898eed3ceb794de0686c9066ff700d8550337f9c61c2c91a1f93572ac861bd

SHA512
2d4878496f830f6bc60cd8a7c9f05a61871193b945fad8448119ab34f88556c1143a23f1686e741cbb48457fdf79da8499856f475840eebfe0c7c06a47b8d222

Download Submit
C:\Users\Admin\AppData\Local\Temp\cc3e829866ffe2e335cff1099634f166.ini

Filesize
1KB

MD5
268092f23f257a5e3cdbb2eafe882df6

SHA1
8dc5eab54ecc74fb15c79fc6129778893fd29309

SHA256
1a0d6ee47ea255089636c2c4dfb74eaa0b59b9b608a1a61c34fb4abefb22d08c

SHA512
26b64e1b8912b50f98dbf9a27270ca1b787cb95fd7b32f7c5fa322997da75ab6dc310a47e7a45b78beaf0f0747354197a63a16e74f3046643b6e2aaef7e6e774

Download Submit
C:\Users\Admin\AppData\Local\Temp\cc3e829866ffe2e335cff1099634f166A.ini

Filesize
1KB

MD5
d461e82c04dca755f46e1a1463562a60

SHA1
0ca536b6cdde93e5abc36a918ef4a544f0261c39

SHA256
cca90761772ab7a07bbf41404179ffd8f981a80e3e3ab16fc95c1e1b0f82b0e9

SHA512
b8c9c70b603488cfb3311d9d7cce3e1bbe52668915c12957898aa99a3940ae383837704d80d41e1d4e8501e7895f4b730ab204b7b0ee5dde6410ff57f3f6a37d

Download Submit
memory/2820-133-0x0000000000400000-0x0000000001DB0000-memory.dmp

Filesize
25.7MB

Download
memory/2820-134-0x0000000002510000-0x0000000002513000-memory.dmp

Filesize
12KB

Download
memory/2820-135-0x0000000000400000-0x0000000001DB0000-memory.dmp

Filesize
25.7MB

Download
memory/2820-138-0x0000000050000000-0x0000000050109000-memory.dmp

Filesize
1.0MB

Download
memory/2820-477-0x0000000000400000-0x0000000001DB0000-memory.dmp

Filesize
25.7MB

Download
memory/2820-478-0x0000000002510000-0x0000000002513000-memory.dmp

Filesize
12KB

Download
memory/2820-481-0x0000000050000000-0x0000000050109000-memory.dmp

Filesize
1.0MB

Download