1364e2ffee665226572f7c1a48b4e973a62658b3fcf980b3b3ed0eb8900bb658

Analysis

max time kernel
142s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20230824-en
resource tags

arch:x64arch:x86image:win10v2004-20230824-enlocale:en-usos:windows10-2004-x64system
submitted
27/08/2023, 17:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1364e2ffee665226572f7c1a48b4e973a62658b3fcf980b3b3ed0eb8900bb658.exe
Size

13.2MB
MD5

4aebf7e1d7b264039a2db382abf5cdcd
SHA1

95818a8d480a75b04de456255722078327bef1a1
SHA256

1364e2ffee665226572f7c1a48b4e973a62658b3fcf980b3b3ed0eb8900bb658
SHA512

ae9eb52a51d11bf3201d0f74db7562d0e3ea98513283aeb8b0593fe0202fc960b9cddb23f79e09a0ee75f25dc586d3c977063c62769b2c862bfcb6dfbf3c6951
SSDEEP

393216:Ia9wat5PHygRhZvLOjYhaHPqzITPCH+Fly:D6ePSg5LOjjHwKHy

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallService\{5102E5A0-2820-4B21-A0AF-98A8BF680751}.catalogItem	svchost.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4364	1364e2ffee665226572f7c1a48b4e973a62658b3fcf980b3b3ed0eb8900bb658.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
4364	1364e2ffee665226572f7c1a48b4e973a62658b3fcf980b3b3ed0eb8900bb658.exe
4364	1364e2ffee665226572f7c1a48b4e973a62658b3fcf980b3b3ed0eb8900bb658.exe
4364	1364e2ffee665226572f7c1a48b4e973a62658b3fcf980b3b3ed0eb8900bb658.exe
4364	1364e2ffee665226572f7c1a48b4e973a62658b3fcf980b3b3ed0eb8900bb658.exe

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k netsvcs -p
1⤵
- Drops file in System32 directory
PID:4524

C:\Users\Admin\AppData\Local\Temp\1364e2ffee665226572f7c1a48b4e973a62658b3fcf980b3b3ed0eb8900bb658.exe
"C:\Users\Admin\AppData\Local\Temp\1364e2ffee665226572f7c1a48b4e973a62658b3fcf980b3b3ed0eb8900bb658.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:4364

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\1364e2ffee665226572f7c1a48b4e973a62658b3fcf980b3b3ed0eb8900bb658.exepack.tmp

Filesize
2KB

MD5
6a3f0cb83a73d0912885f586bb9260f3

SHA1
c6c4583fede9b64fe78486949e5b739aa9694961

SHA256
c4f8cb17f5adfa60987e82cac5e32149c52564a67616248427218880745bfede

SHA512
43b676f4a1529051dc3e79999e4bd8a044c2886413dada7dee0ab66235000e09c7554d825103b03f6dfe832d39b72f64b535e8cdc1d0e334dbf13e937832f5c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\25712c0436372e69fcb36af5b40c1bc5.ini

Filesize
1KB

MD5
696221d92761bc334b5efc56394567c0

SHA1
c296847bb6c3520eda469a5ba7c2ce491f40cdfa

SHA256
b6f16cc3de48feb45ce0791760f708f23d2afd7d38e8e539d36c8dfaa107236f

SHA512
94636eadffa1b52fc88ee5c8529d78aa91c94e5d84062b647548cc87483d38e3f5047a73da5c8fe8cfc71df616ec35d8a22564eeddcde2a87952608bf115acea

Download Submit
C:\Users\Admin\AppData\Local\Temp\25712c0436372e69fcb36af5b40c1bc5A.ini

Filesize
1KB

MD5
85d645c1f5e114f5df615c93fbc3bdf3

SHA1
815f8b11da4dcee43be4c1c6f8b86d0c87684a1c

SHA256
e692bc5e3f21ddb579f77699659f6d77a0d61be90dca69843032f51f046d4b4b

SHA512
4c6c23a7c98967199ba2de9d2b68a71eb1bd15c51651ec174cb49a3f1307cf9b60f9d567464bfa1313a3ab2266bc771a304a09441f6b46940871fd8b4556b0dc

Download Submit
memory/4364-1-0x0000000000400000-0x0000000001DF5000-memory.dmp

Filesize
26.0MB

Download
memory/4364-2-0x0000000001F30000-0x0000000001F33000-memory.dmp

Filesize
12KB

Download
memory/4364-3-0x0000000000400000-0x0000000001DF5000-memory.dmp

Filesize
26.0MB

Download
memory/4364-12-0x0000000050000000-0x0000000050109000-memory.dmp

Filesize
1.0MB

Download
memory/4364-378-0x0000000000400000-0x0000000001DF5000-memory.dmp

Filesize
26.0MB

Download
memory/4364-380-0x0000000001F30000-0x0000000001F33000-memory.dmp

Filesize
12KB

Download
memory/4364-381-0x0000000050000000-0x0000000050109000-memory.dmp

Filesize
1.0MB

Download
memory/4364-382-0x0000000000400000-0x0000000001DF5000-memory.dmp

Filesize
26.0MB

Download