Analysis
-
max time kernel
119s -
max time network
171s -
platform
windows10-2004_x64 -
resource
win10v2004-20230915-en -
resource tags
-
submitted
11/10/2023, 05:00
General
-
Target
863037-Remittance Copy.exe
-
Size
565KB
-
MD5
5869b519a2ccb89f10567b53853a4d22
-
SHA1
c9e9d335d1a2413ed5aacfdc41ff1cfdbb0d899f
-
SHA256
9acb3802e7f15ac9c240749ff8c3ebe7a7cd660bedf4b6a6a1edef4de714aa43
-
SHA512
c5c3d25b7f13cc3659bf870c33529ade660defbfe856af336e808a6c583cd4bd700a0d7105c4f6567c1eb95dd38186c27840226dcb79fafdd99ca020402fc699
-
SSDEEP
12288:NHaiZscgfKciEpjetvBGtS1gIjVrKVXug+0lnX:+ViUub1RjVre+g+0l
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Creates scheduled task(s) 1 TTPs 1 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
Processes
-
C:\Users\Admin\AppData\Local\Temp\863037-Remittance Copy.exe"C:\Users\Admin\AppData\Local\Temp\863037-Remittance Copy.exe"1⤵
-
C:\Windows\SysWOW64\schtasks.exe"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\ekybpZarpIGq" /XML "C:\Users\Admin\AppData\Local\Temp\tmpC809.tmp"2⤵
- Creates scheduled task(s)
-
-
C:\Users\Admin\AppData\Local\Temp\863037-Remittance Copy.exe"{path}"2⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1KB
MD5121a138614221e723a392cf452165206
SHA11a6113835f34e939da594a54f96c2774aaf9af7a
SHA25606a05fe868a1f2045bab5b18fd9658041ced55595bccf101532d6ce14ab2ee67
SHA512054fcf7fbbc375b50122b0230b9e62ff9b49968a801d0eb3668e4c45adc4938a870fd40d3ecd4ac5226548269f9a4537ec084bfb7d5cd3cbcfe06e74e04213ec
-
Filesize
320KB
-
Filesize
64KB
-
Filesize
7.7MB
-
Filesize
408KB
-
Filesize
64KB
-
Filesize
7.7MB
-
Filesize
264KB
-
Filesize
584KB
-
Filesize
40KB
-
Filesize
64KB
-
Filesize
48KB
-
Filesize
616KB
-
Filesize
368KB
-
Filesize
344KB
-
Filesize
3.3MB
-
Filesize
64KB
-
Filesize
7.7MB
-
Filesize
7.7MB
-
Filesize
5.6MB
-
Filesize
7.7MB
-
Filesize
624KB
-
Filesize
592KB