7a0c45336ca086d70ce1539b7681b3c7fab2c3fb6067a327a745dce3148a6e17

Analysis

max time kernel
141s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
29-08-2023 22:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7a0c45336ca086d70ce1539b7681b3c7fab2c3fb6067a327a745dce3148a6e17.exe
Size

14.6MB
MD5

0f3d99e059aa6e0b99d654bb3faafce9
SHA1

45a6d2ae5a5beacffd31ac0335ef9baf011e4066
SHA256

7a0c45336ca086d70ce1539b7681b3c7fab2c3fb6067a327a745dce3148a6e17
SHA512

2ec24b5ff1e097dc52f7e5f5f60403227a8bf3b160a42512c9b22ebf1ba5121684ec1e0c3c6f88eda2cb01bc5ff53ed591d797b8ac6e2805774194d313ccc68f
SSDEEP

393216:X0RoCI93iOPCv8wOkgdT2t3/FubjcWgV+aRoAbEXdaxuAh:kvVX4Qt3dubOggoA0axuG

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2012	7a0c45336ca086d70ce1539b7681b3c7fab2c3fb6067a327a745dce3148a6e17.exe
2012	7a0c45336ca086d70ce1539b7681b3c7fab2c3fb6067a327a745dce3148a6e17.exe
2012	7a0c45336ca086d70ce1539b7681b3c7fab2c3fb6067a327a745dce3148a6e17.exe
2012	7a0c45336ca086d70ce1539b7681b3c7fab2c3fb6067a327a745dce3148a6e17.exe

C:\Users\Admin\AppData\Local\Temp\7a0c45336ca086d70ce1539b7681b3c7fab2c3fb6067a327a745dce3148a6e17.exe
"C:\Users\Admin\AppData\Local\Temp\7a0c45336ca086d70ce1539b7681b3c7fab2c3fb6067a327a745dce3148a6e17.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:2012

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\779cafdff5e97916f4726bbec65141a6.ini

Filesize
1KB

MD5
c2b90a2c303be2e0897a049e43b20a62

SHA1
3357cfd43bb218b50db53555d4e8399dd0dcf861

SHA256
ec43d818c5bee56fc45dbbbb667fbca9b4798c5381770391f6840bb8783b6e88

SHA512
b07967697525c06ba60038c80f2f9c116fe6898d8deda7cce9173433dd7cc84c8d5e56dbf979a4f28f5c8de6884981dc1fac687764b6fc38734042bb483bda69

Download Submit
C:\Users\Admin\AppData\Local\Temp\779cafdff5e97916f4726bbec65141a6A.ini

Filesize
1KB

MD5
16fbd676daa40803fd9804b0fd159060

SHA1
7a00d84278497ce53d77a6bfc18c2527739033f6

SHA256
c586d17714d639ce49433d76732507edada794ae39728a702f5a6dbf76f6d21b

SHA512
39b728ff5f132f6ec660d6a7c3d52cc5c67f88d24d56cb8174c5966de4ce058eaca5a40feb4715afda08c623a1cddec300fbd5be6bc88c53d41e3f1a58d819ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\7a0c45336ca086d70ce1539b7681b3c7fab2c3fb6067a327a745dce3148a6e17.exepack.tmp

Filesize
2KB

MD5
20f73f1007a3af2bebc18e9cd1a26b8f

SHA1
1027564567c0fbeb4897ba2efc282ae47b5ed14e

SHA256
974bb69621c3e532146a8630e5a5beb932ff3c5fb02efc801251fde3d8caa557

SHA512
efabdb20bb6cf69592a0e18bc895bca475d0ab6fc32e7c256de6f3c0ebca50138056db291c78d33ef630dce98b28a76e50b1848f2c612f984b45ab04ff3ea283

Download Submit
memory/2012-0-0x0000000000400000-0x0000000001DFB000-memory.dmp

Filesize
26.0MB

Download
memory/2012-1-0x0000000001F80000-0x0000000001F83000-memory.dmp

Filesize
12KB

Download
memory/2012-2-0x0000000050000000-0x0000000050109000-memory.dmp

Filesize
1.0MB

Download
memory/2012-337-0x0000000000400000-0x0000000001DFB000-memory.dmp

Filesize
26.0MB

Download
memory/2012-338-0x0000000001F80000-0x0000000001F83000-memory.dmp

Filesize
12KB

Download
memory/2012-340-0x0000000050000000-0x0000000050109000-memory.dmp

Filesize
1.0MB

Download
memory/2012-343-0x0000000000400000-0x0000000001DFB000-memory.dmp

Filesize
26.0MB

Download