1593eff511a06232f1ffbbcf9b55a75715097a3d907d542f0cdf8d971712a690

Analysis

max time kernel
151s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
11-10-2023 06:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1593eff511a06232f1ffbbcf9b55a75715097a3d907d542f0cdf8d971712a690.exe
Size

230KB
MD5

5907da640711748320b375889d19b0f4
SHA1

dec22e5e5ec4d0c6c76bd1bf3dc91b5367def65b
SHA256

1593eff511a06232f1ffbbcf9b55a75715097a3d907d542f0cdf8d971712a690
SHA512

3b03a8807e36de4e9add2e87c7c29369a1a900faf648bcdd4e87c68fb7d6edd405fc2d06abad7c534c2d085b9c1d1ebb47af8d709f0a1fbef20cb1e4751a88b1
SSDEEP

3072:xbPOJ4Yiq1S1eB+dviKpfGvxi3LQruEy02zu:xi6YhS1C+d6wMxwQruEH2S

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 7 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000_Classes\Local Settings	1593eff511a06232f1ffbbcf9b55a75715097a3d907d542f0cdf8d971712a690.exe
Key created	\REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	1593eff511a06232f1ffbbcf9b55a75715097a3d907d542f0cdf8d971712a690.exe
Key created	\REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	1593eff511a06232f1ffbbcf9b55a75715097a3d907d542f0cdf8d971712a690.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	1593eff511a06232f1ffbbcf9b55a75715097a3d907d542f0cdf8d971712a690.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	1593eff511a06232f1ffbbcf9b55a75715097a3d907d542f0cdf8d971712a690.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	1593eff511a06232f1ffbbcf9b55a75715097a3d907d542f0cdf8d971712a690.exe
Key created	\REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000_Classes\WOW6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	1593eff511a06232f1ffbbcf9b55a75715097a3d907d542f0cdf8d971712a690.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4960	1593eff511a06232f1ffbbcf9b55a75715097a3d907d542f0cdf8d971712a690.exe

C:\Users\Admin\AppData\Local\Temp\1593eff511a06232f1ffbbcf9b55a75715097a3d907d542f0cdf8d971712a690.exe
"C:\Users\Admin\AppData\Local\Temp\1593eff511a06232f1ffbbcf9b55a75715097a3d907d542f0cdf8d971712a690.exe"
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
PID:4960

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4960-0-0x0000000000400000-0x0000000000422000-memory.dmp

Filesize
136KB

Download