Overview

overview

7

Static

static

3

a4f20b60a5...40.exe

windows7-x64

7

a4f20b60a5...40.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    160s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11-10-2023 06:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a4f20b60a50345ddf3ac71b6e8c5ebcb9d069721b0b0edc822ed2e7569a0bb40.exe

  • Size

    24.1MB

  • MD5

    f078853774c08ba81f0155dc12566c25

  • SHA1

    541743c9beac879e48701c38e79f1566aa849738

  • SHA256

    a4f20b60a50345ddf3ac71b6e8c5ebcb9d069721b0b0edc822ed2e7569a0bb40

  • SHA512

    a0bc4d656d74b4a84d141e6172ccc4232ed5563fe3f5389a9502a842339d5906c21a5b8632f44a96f8b7d8f990e8558fbe2cc0c0910163921fb31d6c131d2b2e

  • SSDEEP

    196608:SniNp8AuRRkZShpx9NBFdd5KHdQlL0+TMjA5eeEs9xsL2/3TOGiBwn5lfNNZHof5:SniNjex3BFj5qd8h3ziBObfN3Ir9

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Enumerates connected drives 3 TTPs 1 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Runs net.exe
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a4f20b60a50345ddf3ac71b6e8c5ebcb9d069721b0b0edc822ed2e7569a0bb40.exe
    "C:\Users\Admin\AppData\Local\Temp\a4f20b60a50345ddf3ac71b6e8c5ebcb9d069721b0b0edc822ed2e7569a0bb40.exe"
    1⤵
    • Loads dropped DLL
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Suspicious use of WriteProcessMemory
    PID:3908
    • C:\Windows\SysWOW64\net.exe
      net session
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:4448
      • C:\Windows\SysWOW64\net1.exe
        C:\Windows\system32\net1 session
        3⤵
          PID:1600

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\build\Release\drivelist.node
      Filesize

      367KB

      MD5

      6b47423f737e5f305737c827ab628ee1

      SHA1

      aa23b883984f74a30d544e34f085b244e8ea8c1f

      SHA256

      461d580a16cf1fa67b4ac751dfe9d36b2de3f13c97670b3b12641f20246ce4b3

      SHA512

      50d52b2b982396b3db48031a057e661cd437e2afb11dde3e3aaa39dd6bc55a4157161d7b52abed2cff9b9d8f8c324a5ae5bb608bd94876e04f5bf3b0b407c8d1

      Download Submit