87358c21080bd105e5e25cc7806fd191b3a098e88d2cac4e14f53eaf4d413f79

Analysis

max time kernel
142s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
31-08-2023 21:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

87358c21080bd105e5e25cc7806fd191b3a098e88d2cac4e14f53eaf4d413f79.exe
Size

14.3MB
MD5

84706e317709f668156e1a64655b8575
SHA1

7f8c6c36499b6968b828cc31fe364a9f36c86cf3
SHA256

87358c21080bd105e5e25cc7806fd191b3a098e88d2cac4e14f53eaf4d413f79
SHA512

df17e7d8470945999ea7001c08ff2851cabfe0671fcad961a54ac0a1c67ca457348a5533a5a456f61065e61f738f615f195bea5cae79a0def6fd94b275155dfd
SSDEEP

196608:vUA2js2wjg2AUa78dy88xotEfi7ZL6hIQq3DGtrDEELswvHDiwr05LHwkfgvJdaG:vSA9jg2k7Z83tYhIXDGjUQhbU1Q

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
3244	87358c21080bd105e5e25cc7806fd191b3a098e88d2cac4e14f53eaf4d413f79.exe
3244	87358c21080bd105e5e25cc7806fd191b3a098e88d2cac4e14f53eaf4d413f79.exe
3244	87358c21080bd105e5e25cc7806fd191b3a098e88d2cac4e14f53eaf4d413f79.exe
3244	87358c21080bd105e5e25cc7806fd191b3a098e88d2cac4e14f53eaf4d413f79.exe

C:\Users\Admin\AppData\Local\Temp\87358c21080bd105e5e25cc7806fd191b3a098e88d2cac4e14f53eaf4d413f79.exe
"C:\Users\Admin\AppData\Local\Temp\87358c21080bd105e5e25cc7806fd191b3a098e88d2cac4e14f53eaf4d413f79.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:3244

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\87358c21080bd105e5e25cc7806fd191b3a098e88d2cac4e14f53eaf4d413f79.exepack.tmp

Filesize
2KB

MD5
a201e42881f69746cbbcfb145e78e79e

SHA1
8a3344bb01bcf4c4c3472e5d69c845664fea1cdd

SHA256
b988461f71b0541e4a9aa0753299ee6eb09034d855b12106cae9964a221c5f6e

SHA512
67e86010a873a42962038fcda91474efe2962023c4187e11f1a1d52dbb9637e144e1681f87a1125e7a681bf593a51a7ec26027f331268c744edf6e59d0e4946f

Download Submit
C:\Users\Admin\AppData\Local\Temp\fe23fef1270b1333cb6b8595b486efd1.ini

Filesize
1KB

MD5
bc8b6919c8aa83bfeb099c4db51d452e

SHA1
761949a84009396e2cd846a4062c4282a050dc25

SHA256
3b884f28a5850f0701977b69b2ec372232531f6733852de11f21727853a83aaa

SHA512
f67b4f62a4d0faaa7d7deaeae3f67e224212aee3be2ddbca4d63cfdba5653aec43621aa137596fba49d5ad99a46d7c39b9d1e814dc424f09f5ff695150945c97

Download Submit
C:\Users\Admin\AppData\Local\Temp\fe23fef1270b1333cb6b8595b486efd1A.ini

Filesize
1KB

MD5
0203c4f364e0e7f63d040021caaca02b

SHA1
e7284c3c6f8022e5f5fbd0c4eb6bba3ac9a21205

SHA256
23cedca8efb4bdf2ee0b0992a18d6e8f27ca545f2ec7e43dfab57ab5972b9024

SHA512
f0305adddc833defd8d2c09c88855aa92829f2bf42556e08d9b8d913e7bc95c2cf67866b1a24e9c9c8193e6a6cb7cdbc1a362d13881ffb5b1261bc164aa66805

Download Submit
memory/3244-0-0x0000000000400000-0x0000000001EA1000-memory.dmp

Filesize
26.6MB

Download
memory/3244-1-0x0000000002380000-0x0000000002383000-memory.dmp

Filesize
12KB

Download
memory/3244-2-0x0000000000400000-0x0000000001EA1000-memory.dmp

Filesize
26.6MB

Download
memory/3244-5-0x0000000050000000-0x0000000050109000-memory.dmp

Filesize
1.0MB

Download
memory/3244-338-0x0000000000400000-0x0000000001EA1000-memory.dmp

Filesize
26.6MB

Download
memory/3244-339-0x0000000002380000-0x0000000002383000-memory.dmp

Filesize
12KB

Download
memory/3244-340-0x0000000050000000-0x0000000050109000-memory.dmp

Filesize
1.0MB

Download