3e897ddee5f90b4ac1764dc6911fb7e277e4cd6a816c35068a606ba96b75aa4f

Analysis

max time kernel
138s
max time network
145s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
06/10/2023, 07:57

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

3e897ddee5f90b4ac1764dc6911fb7e277e4cd6a816c35068a606ba96b75aa4f.exe
Size

7.2MB
MD5

c0a9a6e829e9490ab3bd58fc395e0cb2
SHA1

7e006c9945a6515b729e91e0cde9bb1b04711258
SHA256

3e897ddee5f90b4ac1764dc6911fb7e277e4cd6a816c35068a606ba96b75aa4f
SHA512

6a5a2e49e38eddc8965f1abb97be0563346b2cabeacac14af86b32ac1c40486501aec1cdf7c803106ab49fe75871b22879bb1395db133b29e5a301ffe2aaad19
SSDEEP

98304:hVrCgj2UCSIoXib3pKfi7cM+GGAi/hXfx8ujLWqghGdkXC/2rF2UfOF:KcSTKGGAcj8QG2r

Score

7^/10

Malware Config

Signatures

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\3e897ddee5f90b4ac1764dc6911fb7e277e4cd6a816c35068a606ba96b75aa4f.exe.lnk	3e897ddee5f90b4ac1764dc6911fb7e277e4cd6a816c35068a606ba96b75aa4f.exe

Loads dropped DLL 1 IoCs

pid	Process
2344	3e897ddee5f90b4ac1764dc6911fb7e277e4cd6a816c35068a606ba96b75aa4f.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2344	3e897ddee5f90b4ac1764dc6911fb7e277e4cd6a816c35068a606ba96b75aa4f.exe
2344	3e897ddee5f90b4ac1764dc6911fb7e277e4cd6a816c35068a606ba96b75aa4f.exe
2344	3e897ddee5f90b4ac1764dc6911fb7e277e4cd6a816c35068a606ba96b75aa4f.exe
2344	3e897ddee5f90b4ac1764dc6911fb7e277e4cd6a816c35068a606ba96b75aa4f.exe
2344	3e897ddee5f90b4ac1764dc6911fb7e277e4cd6a816c35068a606ba96b75aa4f.exe
2344	3e897ddee5f90b4ac1764dc6911fb7e277e4cd6a816c35068a606ba96b75aa4f.exe
2344	3e897ddee5f90b4ac1764dc6911fb7e277e4cd6a816c35068a606ba96b75aa4f.exe
2344	3e897ddee5f90b4ac1764dc6911fb7e277e4cd6a816c35068a606ba96b75aa4f.exe
2344	3e897ddee5f90b4ac1764dc6911fb7e277e4cd6a816c35068a606ba96b75aa4f.exe
2344	3e897ddee5f90b4ac1764dc6911fb7e277e4cd6a816c35068a606ba96b75aa4f.exe
2344	3e897ddee5f90b4ac1764dc6911fb7e277e4cd6a816c35068a606ba96b75aa4f.exe
2344	3e897ddee5f90b4ac1764dc6911fb7e277e4cd6a816c35068a606ba96b75aa4f.exe
2344	3e897ddee5f90b4ac1764dc6911fb7e277e4cd6a816c35068a606ba96b75aa4f.exe
2344	3e897ddee5f90b4ac1764dc6911fb7e277e4cd6a816c35068a606ba96b75aa4f.exe
2344	3e897ddee5f90b4ac1764dc6911fb7e277e4cd6a816c35068a606ba96b75aa4f.exe
2344	3e897ddee5f90b4ac1764dc6911fb7e277e4cd6a816c35068a606ba96b75aa4f.exe
2344	3e897ddee5f90b4ac1764dc6911fb7e277e4cd6a816c35068a606ba96b75aa4f.exe
2344	3e897ddee5f90b4ac1764dc6911fb7e277e4cd6a816c35068a606ba96b75aa4f.exe
2344	3e897ddee5f90b4ac1764dc6911fb7e277e4cd6a816c35068a606ba96b75aa4f.exe
2344	3e897ddee5f90b4ac1764dc6911fb7e277e4cd6a816c35068a606ba96b75aa4f.exe
2344	3e897ddee5f90b4ac1764dc6911fb7e277e4cd6a816c35068a606ba96b75aa4f.exe
2344	3e897ddee5f90b4ac1764dc6911fb7e277e4cd6a816c35068a606ba96b75aa4f.exe
2344	3e897ddee5f90b4ac1764dc6911fb7e277e4cd6a816c35068a606ba96b75aa4f.exe
2344	3e897ddee5f90b4ac1764dc6911fb7e277e4cd6a816c35068a606ba96b75aa4f.exe
2344	3e897ddee5f90b4ac1764dc6911fb7e277e4cd6a816c35068a606ba96b75aa4f.exe
2344	3e897ddee5f90b4ac1764dc6911fb7e277e4cd6a816c35068a606ba96b75aa4f.exe
2344	3e897ddee5f90b4ac1764dc6911fb7e277e4cd6a816c35068a606ba96b75aa4f.exe
2344	3e897ddee5f90b4ac1764dc6911fb7e277e4cd6a816c35068a606ba96b75aa4f.exe
2344	3e897ddee5f90b4ac1764dc6911fb7e277e4cd6a816c35068a606ba96b75aa4f.exe
2344	3e897ddee5f90b4ac1764dc6911fb7e277e4cd6a816c35068a606ba96b75aa4f.exe
2344	3e897ddee5f90b4ac1764dc6911fb7e277e4cd6a816c35068a606ba96b75aa4f.exe
2344	3e897ddee5f90b4ac1764dc6911fb7e277e4cd6a816c35068a606ba96b75aa4f.exe
2344	3e897ddee5f90b4ac1764dc6911fb7e277e4cd6a816c35068a606ba96b75aa4f.exe
2344	3e897ddee5f90b4ac1764dc6911fb7e277e4cd6a816c35068a606ba96b75aa4f.exe
2344	3e897ddee5f90b4ac1764dc6911fb7e277e4cd6a816c35068a606ba96b75aa4f.exe
2344	3e897ddee5f90b4ac1764dc6911fb7e277e4cd6a816c35068a606ba96b75aa4f.exe
2344	3e897ddee5f90b4ac1764dc6911fb7e277e4cd6a816c35068a606ba96b75aa4f.exe
2344	3e897ddee5f90b4ac1764dc6911fb7e277e4cd6a816c35068a606ba96b75aa4f.exe
2344	3e897ddee5f90b4ac1764dc6911fb7e277e4cd6a816c35068a606ba96b75aa4f.exe
2344	3e897ddee5f90b4ac1764dc6911fb7e277e4cd6a816c35068a606ba96b75aa4f.exe
2344	3e897ddee5f90b4ac1764dc6911fb7e277e4cd6a816c35068a606ba96b75aa4f.exe
2344	3e897ddee5f90b4ac1764dc6911fb7e277e4cd6a816c35068a606ba96b75aa4f.exe
2344	3e897ddee5f90b4ac1764dc6911fb7e277e4cd6a816c35068a606ba96b75aa4f.exe
2344	3e897ddee5f90b4ac1764dc6911fb7e277e4cd6a816c35068a606ba96b75aa4f.exe
2344	3e897ddee5f90b4ac1764dc6911fb7e277e4cd6a816c35068a606ba96b75aa4f.exe
2344	3e897ddee5f90b4ac1764dc6911fb7e277e4cd6a816c35068a606ba96b75aa4f.exe
2344	3e897ddee5f90b4ac1764dc6911fb7e277e4cd6a816c35068a606ba96b75aa4f.exe
2344	3e897ddee5f90b4ac1764dc6911fb7e277e4cd6a816c35068a606ba96b75aa4f.exe
2344	3e897ddee5f90b4ac1764dc6911fb7e277e4cd6a816c35068a606ba96b75aa4f.exe
2344	3e897ddee5f90b4ac1764dc6911fb7e277e4cd6a816c35068a606ba96b75aa4f.exe
2344	3e897ddee5f90b4ac1764dc6911fb7e277e4cd6a816c35068a606ba96b75aa4f.exe
2344	3e897ddee5f90b4ac1764dc6911fb7e277e4cd6a816c35068a606ba96b75aa4f.exe
2344	3e897ddee5f90b4ac1764dc6911fb7e277e4cd6a816c35068a606ba96b75aa4f.exe
2344	3e897ddee5f90b4ac1764dc6911fb7e277e4cd6a816c35068a606ba96b75aa4f.exe
2344	3e897ddee5f90b4ac1764dc6911fb7e277e4cd6a816c35068a606ba96b75aa4f.exe
2344	3e897ddee5f90b4ac1764dc6911fb7e277e4cd6a816c35068a606ba96b75aa4f.exe
2344	3e897ddee5f90b4ac1764dc6911fb7e277e4cd6a816c35068a606ba96b75aa4f.exe
2344	3e897ddee5f90b4ac1764dc6911fb7e277e4cd6a816c35068a606ba96b75aa4f.exe
2344	3e897ddee5f90b4ac1764dc6911fb7e277e4cd6a816c35068a606ba96b75aa4f.exe
2344	3e897ddee5f90b4ac1764dc6911fb7e277e4cd6a816c35068a606ba96b75aa4f.exe
2344	3e897ddee5f90b4ac1764dc6911fb7e277e4cd6a816c35068a606ba96b75aa4f.exe
2344	3e897ddee5f90b4ac1764dc6911fb7e277e4cd6a816c35068a606ba96b75aa4f.exe
2344	3e897ddee5f90b4ac1764dc6911fb7e277e4cd6a816c35068a606ba96b75aa4f.exe
2344	3e897ddee5f90b4ac1764dc6911fb7e277e4cd6a816c35068a606ba96b75aa4f.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2344	3e897ddee5f90b4ac1764dc6911fb7e277e4cd6a816c35068a606ba96b75aa4f.exe
2344	3e897ddee5f90b4ac1764dc6911fb7e277e4cd6a816c35068a606ba96b75aa4f.exe

C:\Users\Admin\AppData\Local\Temp\3e897ddee5f90b4ac1764dc6911fb7e277e4cd6a816c35068a606ba96b75aa4f.exe
"C:\Users\Admin\AppData\Local\Temp\3e897ddee5f90b4ac1764dc6911fb7e277e4cd6a816c35068a606ba96b75aa4f.exe"
1⤵
- Drops startup file
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:2344

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\HPSocket4C.dll

Filesize
2.8MB

MD5
8430b540f961d9268b004929931aeb8c

SHA1
b306b1421b25ea019abd0fd849b64fdadf5bbd01

SHA256
33d2dfd87f6520428f7c24bcb64032be2cf97ecadcf2ee5530ca21a5d213be51

SHA512
da6fda11b945504eb388e2314d318c795eb5317898c80f367d876a32349b210c2471bf16259044bbe60fccd99334b719aaac5fe67698cb8a305b91f5f8d9ad4d

Download Submit
memory/2344-0-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download