3edcdf2385635044bb12835c921f377fdca0ddb8ea9e32e379bb5ed004d39561

Analysis

max time kernel
141s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
25-08-2023 21:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3edcdf2385635044bb12835c921f377fdca0ddb8ea9e32e379bb5ed004d39561.exe
Size

8.9MB
MD5

23d98ac9ca622ef77deeb064858147e2
SHA1

8be7058042f109096b69bb2d58b02d8bfe4ed9ac
SHA256

3edcdf2385635044bb12835c921f377fdca0ddb8ea9e32e379bb5ed004d39561
SHA512

a9f62f08fc2e4e4873aa83c5b3218eeef1d6c175d87266caf64b796e13d8baf875c238356cfb30a0f864b9a1e628e1945b55b9aeca6ef584c55d193a8f76c965
SSDEEP

196608:ppma0RoC36+gzgAdBiOPRcv8wOka5++JPljg978GWtMZ03P5mhHVw/r1qMgbkV7q:X0RoCI93iOPCv8wOkZ+JdM94G9W5mhHZ

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
3712	3edcdf2385635044bb12835c921f377fdca0ddb8ea9e32e379bb5ed004d39561.exe
3712	3edcdf2385635044bb12835c921f377fdca0ddb8ea9e32e379bb5ed004d39561.exe
3712	3edcdf2385635044bb12835c921f377fdca0ddb8ea9e32e379bb5ed004d39561.exe
3712	3edcdf2385635044bb12835c921f377fdca0ddb8ea9e32e379bb5ed004d39561.exe

C:\Users\Admin\AppData\Local\Temp\3edcdf2385635044bb12835c921f377fdca0ddb8ea9e32e379bb5ed004d39561.exe
"C:\Users\Admin\AppData\Local\Temp\3edcdf2385635044bb12835c921f377fdca0ddb8ea9e32e379bb5ed004d39561.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:3712

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\3edcdf2385635044bb12835c921f377fdca0ddb8ea9e32e379bb5ed004d39561.exepack.tmp

Filesize
2KB

MD5
877b0c6696577f6d279b78d9eb8d4f5b

SHA1
478d4ba556f2efce4b42274000d8082768983f26

SHA256
7485a6b65e9cd19737a5aa16b4240891346b249cdf3a6dbe84522b0725098b3e

SHA512
4fbe09d640380e8dfd68f8cda30e81739b019e805189acbe225515c4d085a3a7b38a9beb525e2fdb9b7dabb53b22c895566f6356fa3de2ebdd7140a6060d5f71

Download Submit
C:\Users\Admin\AppData\Local\Temp\3f12c087d7acf5578c53dfd954f9e1dd.ini

Filesize
1KB

MD5
2f8b954371ab5c22c180147fed4f4c97

SHA1
1d08337943f81acce8059eeed0dad72249346be9

SHA256
dd30eea5617570ba81b3334eb2e34ad1f58da28fcff46cededff379872976296

SHA512
63fa8128e7b134317150df6f59d6830c00735542dc99e4a100db5a5012c543f366e2a077e22bb2dc65e759b776e5424b452a67b74d45b96d1f9b4d60074dce56

Download Submit
C:\Users\Admin\AppData\Local\Temp\3f12c087d7acf5578c53dfd954f9e1ddA.ini

Filesize
1KB

MD5
4404caf1d20acf60dd373ba3439b12d5

SHA1
1093d9b18aba965b37b3ebe0a35bd5487682f2bd

SHA256
009ccf64025701b1ba35e5b38368f694560ed2267175af97e9a50619bc57cd3a

SHA512
7750232f6518aaf750e1c2ce8c8b394407b5d02471f614fdf68c82f812395686ab894675e03e3c3ed32bde5afffafe45112e2309296e6987d567ce9bc3248d0c

Download Submit
memory/3712-0-0x0000000000400000-0x0000000001DFB000-memory.dmp

Filesize
26.0MB

Download
memory/3712-1-0x0000000001FA0000-0x0000000001FA3000-memory.dmp

Filesize
12KB

Download
memory/3712-2-0x0000000050000000-0x0000000050109000-memory.dmp

Filesize
1.0MB

Download
memory/3712-352-0x0000000000400000-0x0000000001DFB000-memory.dmp

Filesize
26.0MB

Download
memory/3712-353-0x0000000001FA0000-0x0000000001FA3000-memory.dmp

Filesize
12KB

Download
memory/3712-354-0x0000000050000000-0x0000000050109000-memory.dmp

Filesize
1.0MB

Download