6d5a146b6cbc0cf37fee9a06d8de63a89bb09a8058bf45359df160c913777064

Analysis

max time kernel
143s
max time network
129s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
02/10/2023, 11:49

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

256c2a409c97448d168f3eb1bfb89af3d259dfc05a510a3f464d8e4b348116d4.exe
Size

587KB
MD5

b31679db7db878992b4553290a9e6c7c
SHA1

7d0d2b434b51abe91e5b16e4c8dc8d26143b138c
SHA256

256c2a409c97448d168f3eb1bfb89af3d259dfc05a510a3f464d8e4b348116d4
SHA512

a9c65a280c5bfcd9a221a47237e96f454c85cf0a2222cd0469d2326a03cfaaa5b69424c4963f128affc91c8861b9aac236289578a94629717d81a7e3b08a75f2
SSDEEP

12288:0MNVzzbgNRk1Lq+TC0YPxfqswK/EH1WYEmMC+jsEdf8Zdq0Cxmj1A:dLE1+TYPljwK/oY9se8Zd8kJA

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
2080	256c2a409c97448d168f3eb1bfb89af3d259dfc05a510a3f464d8e4b348116d4.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2080	256c2a409c97448d168f3eb1bfb89af3d259dfc05a510a3f464d8e4b348116d4.exe

C:\Users\Admin\AppData\Local\Temp\256c2a409c97448d168f3eb1bfb89af3d259dfc05a510a3f464d8e4b348116d4.exe
"C:\Users\Admin\AppData\Local\Temp\256c2a409c97448d168f3eb1bfb89af3d259dfc05a510a3f464d8e4b348116d4.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2080

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\vgm_player.dll

Filesize
82KB

MD5
47361f2e1ce562953c36c1e3e4509c06

SHA1
84031b61e761160040c0f02fcdbf5149afa4ce1c

SHA256
c5f76741a5b02c7373a05c13f44b47af60d130f2b2d1a510e7df270bd2e4d62a

SHA512
0b2fad69a2786d9934ed55525f67be6661b9c22ccd3e0e752f60a787e804ce0c475cba6d672a0507c55334d948e912e2bbd951f23be19e30553b528b3516fff2

Download Submit
memory/2080-0-0x0000000000400000-0x00000000005AD000-memory.dmp

Filesize
1.7MB

Download
memory/2080-1-0x0000000000400000-0x00000000005AD000-memory.dmp

Filesize
1.7MB

Download
memory/2080-2-0x00000000001C0000-0x00000000001C1000-memory.dmp

Filesize
4KB

Download
memory/2080-7-0x0000000000400000-0x00000000005AD000-memory.dmp

Filesize
1.7MB

Download
memory/2080-8-0x0000000000400000-0x00000000005AD000-memory.dmp

Filesize
1.7MB

Download
memory/2080-10-0x00000000001C0000-0x00000000001C1000-memory.dmp

Filesize
4KB

Download
memory/2080-15-0x0000000000400000-0x00000000005AD000-memory.dmp

Filesize
1.7MB

Download
memory/2080-16-0x0000000000400000-0x00000000005AD000-memory.dmp

Filesize
1.7MB

Download
memory/2080-22-0x0000000000400000-0x00000000005AD000-memory.dmp

Filesize
1.7MB

Download