5c576ed0ffa4734afd7a0f02fa53785d5257a7cd23fc053e567166307a624c91

Analysis

max time kernel
143s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
24/09/2023, 01:09

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

5c576ed0ffa4734afd7a0f02fa53785d5257a7cd23fc053e567166307a624c91.exe
Size

10.2MB
MD5

0836ffee35564a119462a4e0c8cf25b8
SHA1

11dfde28ee88343faeb0e6a77f6335029d6f6fe1
SHA256

5c576ed0ffa4734afd7a0f02fa53785d5257a7cd23fc053e567166307a624c91
SHA512

050a28f8e5f1ddfca1ecd52d8961503ae2bd6e6dc38f509c49f9b703be996d0afbd027838d94c0f8dc1f267d35fd3d8be7489f679a41f9c8d2e08eef24932455
SSDEEP

196608:jBfufC0RdtuCdrk1B0LI4jlKzaYDTnaKwsw7AO2QTQXecmFxy9+KEIC:xwdrW0M4bYfiZ25uXKEIC

Score

10^/10

phishing

Malware Config

Signatures

Detected phishing page
phishing
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1136	5c576ed0ffa4734afd7a0f02fa53785d5257a7cd23fc053e567166307a624c91.exe
1136	5c576ed0ffa4734afd7a0f02fa53785d5257a7cd23fc053e567166307a624c91.exe
1136	5c576ed0ffa4734afd7a0f02fa53785d5257a7cd23fc053e567166307a624c91.exe
1136	5c576ed0ffa4734afd7a0f02fa53785d5257a7cd23fc053e567166307a624c91.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 1136 wrote to memory of 4936	1136	5c576ed0ffa4734afd7a0f02fa53785d5257a7cd23fc053e567166307a624c91.exe	90
PID 1136 wrote to memory of 4936	1136	5c576ed0ffa4734afd7a0f02fa53785d5257a7cd23fc053e567166307a624c91.exe	90
PID 1136 wrote to memory of 4936	1136	5c576ed0ffa4734afd7a0f02fa53785d5257a7cd23fc053e567166307a624c91.exe	90
PID 1136 wrote to memory of 1820	1136	5c576ed0ffa4734afd7a0f02fa53785d5257a7cd23fc053e567166307a624c91.exe	91
PID 1136 wrote to memory of 1820	1136	5c576ed0ffa4734afd7a0f02fa53785d5257a7cd23fc053e567166307a624c91.exe	91
PID 1136 wrote to memory of 1820	1136	5c576ed0ffa4734afd7a0f02fa53785d5257a7cd23fc053e567166307a624c91.exe	91

C:\Users\Admin\AppData\Local\Temp\5c576ed0ffa4734afd7a0f02fa53785d5257a7cd23fc053e567166307a624c91.exe
"C:\Users\Admin\AppData\Local\Temp\5c576ed0ffa4734afd7a0f02fa53785d5257a7cd23fc053e567166307a624c91.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1136
- C:\Windows\SysWOW64\cmd.exe
  cmd /c del "C:\Users\Admin\AppData\Local\Temp\\*.exe"
  2⤵
  PID:4936
- C:\Windows\SysWOW64\cmd.exe
  cmd /c del "C:\Users\Admin\AppData\Local\Temp\\*.dll"
  2⤵
  PID:1820

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\5c576ed0ffa4734afd7a0f02fa53785d5257a7cd23fc053e567166307a624c91.exepack.tmp

Filesize
2KB

MD5
94620b0e2e5f6ff59dc9417b69321f7c

SHA1
68e81ef419e49d01d50294b66c9633a3bef1d93c

SHA256
a2addfa7585830cc5b1a4264c5935adda0806ea1f07e88a241d606ddbd5a9b2a

SHA512
2fd2cedf8ee7a18de1b760758d73853c25456ee63b31a3e44a12947f89a58e0ca949a9c0f19997c70c3c79f913c95fd713dd7b95e50d0e6ee5e761e47a04e3bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\ebd118afc5528b821c4859a01651bb88.ini

Filesize
1KB

MD5
6e02a887666ee960ace8e95787b2dc91

SHA1
14b9357d505a824dd25f0e6d870d2240ed951a91

SHA256
be3c279e2c3b486b24e533f8f6ed4a133f0374c03bc59a76269014def109ba05

SHA512
4be0495c7d08e7e96fc2c92c73b2a30a5a674f04e06ffe92308bac0de0d0b75c2a2aa1547fbca4eac5b4eec5b7daeab986b8b218fde79dd9cdc3bae1c3211ce2

Download Submit
C:\Users\Admin\AppData\Local\Temp\ebd118afc5528b821c4859a01651bb88A.ini

Filesize
1KB

MD5
c375a6102f5d49cc0d3ef1146025d72e

SHA1
fcf5500df10e71375fb60fdcadd352a3ec1968b0

SHA256
9c12ac6e8aa74cd92dc7961d3be2e700ed82b0859d91771ff7957c19447da70a

SHA512
77a43c5ebed92c70bb76fd9b4470d6acf1b3a1acb707f06f955f228333df6b391c924c1d3685caa7d5992a4d2ecd622ec8e7fdc98de73b48f59283762c300855

Download Submit
memory/1136-1-0x00000000020C0000-0x00000000020C3000-memory.dmp

Filesize
12KB

Download
memory/1136-0-0x0000000000400000-0x0000000001EE5000-memory.dmp

Filesize
26.9MB

Download
memory/1136-2-0x0000000000400000-0x0000000001EE5000-memory.dmp

Filesize
26.9MB

Download
memory/1136-5-0x0000000050000000-0x0000000050109000-memory.dmp

Filesize
1.0MB

Download
memory/1136-330-0x0000000000400000-0x0000000001EE5000-memory.dmp

Filesize
26.9MB

Download
memory/1136-331-0x00000000020C0000-0x00000000020C3000-memory.dmp

Filesize
12KB

Download
memory/1136-332-0x0000000050000000-0x0000000050109000-memory.dmp

Filesize
1.0MB

Download
memory/1136-342-0x0000000000400000-0x0000000001EE5000-memory.dmp

Filesize
26.9MB

Download