5b482ca55335c6bfa9895a7aa81d04d4d05b91d3e31a8a1bbe7e4d63fbb65213

Analysis

max time kernel
142s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
24/08/2023, 18:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5b482ca55335c6bfa9895a7aa81d04d4d05b91d3e31a8a1bbe7e4d63fbb65213.exe
Size

10.7MB
MD5

f261510524bffa0650da73a3b2e063c5
SHA1

45fbb491f216951f44e9b3dc2b3889eae69e2650
SHA256

5b482ca55335c6bfa9895a7aa81d04d4d05b91d3e31a8a1bbe7e4d63fbb65213
SHA512

b337cf38396fc8adf1f3df53b37b2aaa0a4af9c4508dfbb580294fe741b632fb8d385502376bf849a75fe7b831bec93a2413634dc6c1a06e17cda7730eb4c3e0
SSDEEP

196608:M1O9XJ/XVOmvfLvZyScqYEzFNsyAgCMEt8hYn2u7AFXgpUoQtt968ABd:kCJ/cmvfLvZyS5AyjEiYnhWoQ796b

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2884	5b482ca55335c6bfa9895a7aa81d04d4d05b91d3e31a8a1bbe7e4d63fbb65213.exe
2884	5b482ca55335c6bfa9895a7aa81d04d4d05b91d3e31a8a1bbe7e4d63fbb65213.exe
2884	5b482ca55335c6bfa9895a7aa81d04d4d05b91d3e31a8a1bbe7e4d63fbb65213.exe
2884	5b482ca55335c6bfa9895a7aa81d04d4d05b91d3e31a8a1bbe7e4d63fbb65213.exe

C:\Users\Admin\AppData\Local\Temp\5b482ca55335c6bfa9895a7aa81d04d4d05b91d3e31a8a1bbe7e4d63fbb65213.exe
"C:\Users\Admin\AppData\Local\Temp\5b482ca55335c6bfa9895a7aa81d04d4d05b91d3e31a8a1bbe7e4d63fbb65213.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:2884

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\5b482ca55335c6bfa9895a7aa81d04d4d05b91d3e31a8a1bbe7e4d63fbb65213.exepack.tmp

Filesize
2KB

MD5
29096e19a4080fe227f2ec8d3910aae6

SHA1
22d7403ffa473ec7bc24955cb30a48f3d9c30ed8

SHA256
35cb2f82a0db5119dc2c1b95956ce7e0fccf9634faaebb1aefa9897e4af619ee

SHA512
7ba47eff7870c238dcac294e00b3820370be2c28f8cb814dec8345520ef2483556dd5a27bbf0f9449fa2b4e0fe9f7badc7fff178577e5bf82c14094112ff0cd7

Download Submit
C:\Users\Admin\AppData\Local\Temp\eabee2002b06ebbc505fc8a0bad268b8.ini

Filesize
1KB

MD5
aeaf5f5531ccf7fad959197d323fb77d

SHA1
64ee5662bb1c17073db3d46cca0e4fdc5ba61fe3

SHA256
91238506c3eb20b3b88eeb6c3f738d28e4b16a855ae2b5eb3231c506426672d9

SHA512
3a572dffc4f1b01a043de6fb58852fb150e4ca81752b00951723574a802d7095b362e305bc87def2e3e5e2b05e748b75359348b6efea9489d8b9eb713a31ab70

Download Submit
C:\Users\Admin\AppData\Local\Temp\eabee2002b06ebbc505fc8a0bad268b8A.ini

Filesize
1KB

MD5
767d6ca9bd26fae8601b6d4e3d3d9129

SHA1
3a85265a13f04711b29cf9c3f0f508b6d01ee613

SHA256
a63d6a195923cb7783a652a91269c3079bba23eb0a94b4efd1e7bd7b1813b553

SHA512
e3a2e1d9b8a83d2b4c46155b7c287c3d6a0770165aa5824127f1daa169801a4c4d2e09f2dc90d951be65b305606efa56b25d15da8b922562588cbdddcb01c1e3

Download Submit
memory/2884-0-0x0000000000400000-0x0000000001EBA000-memory.dmp

Filesize
26.7MB

Download
memory/2884-1-0x0000000002190000-0x0000000002193000-memory.dmp

Filesize
12KB

Download
memory/2884-2-0x0000000000400000-0x0000000001EBA000-memory.dmp

Filesize
26.7MB

Download
memory/2884-5-0x0000000050000000-0x0000000050109000-memory.dmp

Filesize
1.0MB

Download
memory/2884-338-0x0000000000400000-0x0000000001EBA000-memory.dmp

Filesize
26.7MB

Download
memory/2884-339-0x0000000002190000-0x0000000002193000-memory.dmp

Filesize
12KB

Download
memory/2884-340-0x0000000050000000-0x0000000050109000-memory.dmp

Filesize
1.0MB

Download
memory/2884-341-0x0000000000400000-0x0000000001EBA000-memory.dmp

Filesize
26.7MB

Download