53db23043dad0783c69e001093bfcd01eba35376cae95c78bf31a4652ce0ddd0

Analysis

max time kernel
151s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
30/08/2023, 21:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

53db23043dad0783c69e001093bfcd01eba35376cae95c78bf31a4652ce0ddd0.exe
Size

14.9MB
MD5

5af000c5f71d6acb03b2650f066770a4
SHA1

31c5271b5eb574d22e650069d28477e26f057b02
SHA256

53db23043dad0783c69e001093bfcd01eba35376cae95c78bf31a4652ce0ddd0
SHA512

3bbd6226fbdc8692c8e63def4cf1d520e8eae3e9275386a1a26168334e43da95693ce3b7f522b899df716d9759625f2334356ba08bcae8eefc331be75f87680f
SSDEEP

393216:kCJ/cmvfLvZyS5UngknZPwW8XsIUmKoMNb/5:kDkyGmgknuBXvUmfgF

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1368	53db23043dad0783c69e001093bfcd01eba35376cae95c78bf31a4652ce0ddd0.exe
1368	53db23043dad0783c69e001093bfcd01eba35376cae95c78bf31a4652ce0ddd0.exe
1368	53db23043dad0783c69e001093bfcd01eba35376cae95c78bf31a4652ce0ddd0.exe
1368	53db23043dad0783c69e001093bfcd01eba35376cae95c78bf31a4652ce0ddd0.exe

C:\Users\Admin\AppData\Local\Temp\53db23043dad0783c69e001093bfcd01eba35376cae95c78bf31a4652ce0ddd0.exe
"C:\Users\Admin\AppData\Local\Temp\53db23043dad0783c69e001093bfcd01eba35376cae95c78bf31a4652ce0ddd0.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:1368

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\148032480f281c5ee031e721f60a6356.ini

Filesize
1KB

MD5
4d698dfd5c63e444c60b9b497ddc6995

SHA1
5a7bdb2fdedae51f02c50398ce0a6e2c66b67ae1

SHA256
35bdae8c308ca05f5f3eda76bcbc0162c4f272a27859abbc28669e5c81bf3452

SHA512
d7a4a0b9b596ee7816d92749903441e2a7dbf48f1c84227f59c0f054846efba6357a68a4a80579cb8d201f1b6d3395542cdf46465c83c19670fad98661328ec6

Download Submit
C:\Users\Admin\AppData\Local\Temp\148032480f281c5ee031e721f60a6356A.ini

Filesize
1KB

MD5
e851b321aca4e8a32baa8711b1ab0acf

SHA1
2041d2e2138caeb3f899d8c815e57c16c7fad6be

SHA256
ee8a08b70a8a3a185f1d03036c1ec2b0aac6da028b70d145a7aadd93544e409d

SHA512
7fa3414e543677c171806708bb031ca804d49f3b9666d33a7ebc607db58ee078195421ea33f2501b5e141a494ffd00fa0554a794e4e25bf6aa3179547249714f

Download Submit
C:\Users\Admin\AppData\Local\Temp\53db23043dad0783c69e001093bfcd01eba35376cae95c78bf31a4652ce0ddd0.exepack.tmp

Filesize
2KB

MD5
5b13e76a693e82c4533e259e1d7a0d71

SHA1
ba7dda9141745e77fecf98333b222ef981d9d370

SHA256
008ff79a38c66bbf8e6cdde89742fe3dd36291d81211b453a762c534c25454e2

SHA512
cd418e3eed43cee67f98acb8dbe7dad150e1896490e81fdf7ae855b0ce5ca3326c5f14e0ae138469b5dc9da1133729fc1817337658f376c63dc7368d82aec74c

Download Submit
memory/1368-0-0x0000000000400000-0x0000000001EBA000-memory.dmp

Filesize
26.7MB

Download
memory/1368-1-0x0000000002490000-0x0000000002493000-memory.dmp

Filesize
12KB

Download
memory/1368-2-0x0000000000400000-0x0000000001EBA000-memory.dmp

Filesize
26.7MB

Download
memory/1368-5-0x0000000050000000-0x0000000050109000-memory.dmp

Filesize
1.0MB

Download
memory/1368-344-0x0000000000400000-0x0000000001EBA000-memory.dmp

Filesize
26.7MB

Download
memory/1368-345-0x0000000002490000-0x0000000002493000-memory.dmp

Filesize
12KB

Download
memory/1368-347-0x0000000050000000-0x0000000050109000-memory.dmp

Filesize
1.0MB

Download
memory/1368-348-0x0000000000400000-0x0000000001EBA000-memory.dmp

Filesize
26.7MB

Download