826a551e06f78a9ea693cd494c6a91607dda78fc2619dc4e19e38213c8137322

Analysis

max time kernel
142s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
07/10/2023, 08:20

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

826a551e06f78a9ea693cd494c6a91607dda78fc2619dc4e19e38213c8137322.exe
Size

15.9MB
MD5

00186e7a9b57d4ebd0c1f71ad17f0299
SHA1

9a4089d0971a287c45b8b23237038d2d9b33ea74
SHA256

826a551e06f78a9ea693cd494c6a91607dda78fc2619dc4e19e38213c8137322
SHA512

c17d059154c65a2c7c360800789e8fbc0373181c43ad4bfe21b39e9b08b21efba68f21df2c6a56b294ad40b2715354976b93aff66d28069621784f8df4438b0b
SSDEEP

393216:gHWtAi/sT1ZAszXPQGjbvi+pVFJM7dlfivv9rh:rjYH3X4abqKFSMvv9V

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1640	826a551e06f78a9ea693cd494c6a91607dda78fc2619dc4e19e38213c8137322.exe
1640	826a551e06f78a9ea693cd494c6a91607dda78fc2619dc4e19e38213c8137322.exe
1640	826a551e06f78a9ea693cd494c6a91607dda78fc2619dc4e19e38213c8137322.exe
1640	826a551e06f78a9ea693cd494c6a91607dda78fc2619dc4e19e38213c8137322.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 1640 wrote to memory of 2612	1640	826a551e06f78a9ea693cd494c6a91607dda78fc2619dc4e19e38213c8137322.exe	91
PID 1640 wrote to memory of 2612	1640	826a551e06f78a9ea693cd494c6a91607dda78fc2619dc4e19e38213c8137322.exe	91
PID 1640 wrote to memory of 2612	1640	826a551e06f78a9ea693cd494c6a91607dda78fc2619dc4e19e38213c8137322.exe	91
PID 1640 wrote to memory of 2192	1640	826a551e06f78a9ea693cd494c6a91607dda78fc2619dc4e19e38213c8137322.exe	92
PID 1640 wrote to memory of 2192	1640	826a551e06f78a9ea693cd494c6a91607dda78fc2619dc4e19e38213c8137322.exe	92
PID 1640 wrote to memory of 2192	1640	826a551e06f78a9ea693cd494c6a91607dda78fc2619dc4e19e38213c8137322.exe	92

C:\Users\Admin\AppData\Local\Temp\826a551e06f78a9ea693cd494c6a91607dda78fc2619dc4e19e38213c8137322.exe
"C:\Users\Admin\AppData\Local\Temp\826a551e06f78a9ea693cd494c6a91607dda78fc2619dc4e19e38213c8137322.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1640
- C:\Windows\SysWOW64\cmd.exe
  cmd /c del "C:\Users\Admin\AppData\Local\Temp\*a551e06f78a9ea693cd494c6a91607dda78fc2619dc4e19e38213c8137322.exe"
  2⤵
  PID:2612
- C:\Windows\SysWOW64\cmd.exe
  cmd /c del "C:\Users\Admin\AppData\Local\Temp\*.dll"
  2⤵
  PID:2192

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\1eacc344201a32f89285c0c37a5b929e.ini

Filesize
1KB

MD5
5a47d87c114aa26c7ca30f19c4f097f5

SHA1
bc0988f44523bc7539693f906faaa1fea137ea22

SHA256
57a237787434e000d8e8f742cd28e570e204ba7097ea440865cf10fecdfc856f

SHA512
0caec147714ce0b0966cf5646fa803c6f835d96ae425302b5f0d8ee4d24b860f0dcec242018f0cc50cbc7aec77f3697852d1ca19c7b95e8d59ab331f9023a5c7

Download Submit
C:\Users\Admin\AppData\Local\Temp\1eacc344201a32f89285c0c37a5b929eA.ini

Filesize
1KB

MD5
cdaa9d409848d6756921f58b2b5b68d5

SHA1
f827ae98b73a28b12680c86016e0d86b81dad9ea

SHA256
745ce6bf512353bda97b111387ccf0dce09f4c9a3a31e1d20f3cd94d4eab8bbe

SHA512
5e6c4f89fff43ba515c6888b001deb3b69247e18d327e3a8d4d5486fa8a837e663db3afa4a3dbbfcead6915bfe01db4d762f0a47647b30d7ba6bc12b3c7df71f

Download Submit
C:\Users\Admin\AppData\Local\Temp\826a551e06f78a9ea693cd494c6a91607dda78fc2619dc4e19e38213c8137322.exepack.tmp

Filesize
2KB

MD5
811cb6a0910484a633775fb370136880

SHA1
86a8a458b263af0ce5d47873c627f200a2077557

SHA256
b20b01414cc6b9f9d4ba4a78b002f3e8e52878cc8c6d0faf4b6f1867e6f4fdea

SHA512
ece012edf512cc37717b40b6e402cc5bb67d57e25eda858bf2fc52117db87a8bde50513a7e20306dbcbd469ef07943c5450619a136d3d54487f7dbc24585bf2f

Download Submit
memory/1640-0-0x0000000000400000-0x0000000001DD4000-memory.dmp

Filesize
25.8MB

Download
memory/1640-1-0x0000000002090000-0x0000000002093000-memory.dmp

Filesize
12KB

Download
memory/1640-2-0x0000000000400000-0x0000000001DD4000-memory.dmp

Filesize
25.8MB

Download
memory/1640-5-0x0000000050000000-0x0000000050109000-memory.dmp

Filesize
1.0MB

Download
memory/1640-329-0x0000000000400000-0x0000000001DD4000-memory.dmp

Filesize
25.8MB

Download
memory/1640-330-0x0000000002090000-0x0000000002093000-memory.dmp

Filesize
12KB

Download
memory/1640-331-0x0000000050000000-0x0000000050109000-memory.dmp

Filesize
1.0MB

Download
memory/1640-341-0x0000000000400000-0x0000000001DD4000-memory.dmp

Filesize
25.8MB

Download