8258eeb3680f4db66e986adb1bc2ee1007f2c6ad9cbcaa1f175de1ddfe9d546a

Analysis

max time kernel
153s
max time network
162s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
11-10-2023 12:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8258eeb3680f4db66e986adb1bc2ee1007f2c6ad9cbcaa1f175de1ddfe9d546a.exe
Size

12.6MB
MD5

12a07e4d279518a4b128ef40247d8457
SHA1

52a10327e82036e2a1c77c85278c10634c49ed5b
SHA256

8258eeb3680f4db66e986adb1bc2ee1007f2c6ad9cbcaa1f175de1ddfe9d546a
SHA512

a6e8581122397f3c5c41a1b2afdb6edf4b5691d6597351ec672363a475fb1b4c3d914a7428248a8180dd26433ef5985cea1d7557902564f4dd72099bc53fd86a
SSDEEP

196608:MlwPCDvjunRD3KNQ/fkWgq5MG5GK1dB3kDpc2C7SfNkrGtDOhuTvyH+yU6hBU1ji:Mv8/BftnHBMBerq6WyU6/6/rfAVjDlb

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1608	8258eeb3680f4db66e986adb1bc2ee1007f2c6ad9cbcaa1f175de1ddfe9d546a.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1608	8258eeb3680f4db66e986adb1bc2ee1007f2c6ad9cbcaa1f175de1ddfe9d546a.exe
1608	8258eeb3680f4db66e986adb1bc2ee1007f2c6ad9cbcaa1f175de1ddfe9d546a.exe
1608	8258eeb3680f4db66e986adb1bc2ee1007f2c6ad9cbcaa1f175de1ddfe9d546a.exe
1608	8258eeb3680f4db66e986adb1bc2ee1007f2c6ad9cbcaa1f175de1ddfe9d546a.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 1608 wrote to memory of 4540	1608	8258eeb3680f4db66e986adb1bc2ee1007f2c6ad9cbcaa1f175de1ddfe9d546a.exe	90
PID 1608 wrote to memory of 4540	1608	8258eeb3680f4db66e986adb1bc2ee1007f2c6ad9cbcaa1f175de1ddfe9d546a.exe	90
PID 1608 wrote to memory of 4540	1608	8258eeb3680f4db66e986adb1bc2ee1007f2c6ad9cbcaa1f175de1ddfe9d546a.exe	90
PID 1608 wrote to memory of 3904	1608	8258eeb3680f4db66e986adb1bc2ee1007f2c6ad9cbcaa1f175de1ddfe9d546a.exe	91
PID 1608 wrote to memory of 3904	1608	8258eeb3680f4db66e986adb1bc2ee1007f2c6ad9cbcaa1f175de1ddfe9d546a.exe	91
PID 1608 wrote to memory of 3904	1608	8258eeb3680f4db66e986adb1bc2ee1007f2c6ad9cbcaa1f175de1ddfe9d546a.exe	91

C:\Users\Admin\AppData\Local\Temp\8258eeb3680f4db66e986adb1bc2ee1007f2c6ad9cbcaa1f175de1ddfe9d546a.exe
"C:\Users\Admin\AppData\Local\Temp\8258eeb3680f4db66e986adb1bc2ee1007f2c6ad9cbcaa1f175de1ddfe9d546a.exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1608
- C:\Windows\SysWOW64\cmd.exe
  cmd /c del "C:\Users\Admin\AppData\Local\Temp\*8eeb3680f4db66e986adb1bc2ee1007f2c6ad9cbcaa1f175de1ddfe9d546a.exe"
  2⤵
  PID:4540
- C:\Windows\SysWOW64\cmd.exe
  cmd /c del "C:\Users\Admin\AppData\Local\Temp\*.dll"
  2⤵
  PID:3904

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\5af511c0ca54e5ad98aa4f1086d09976.ini

Filesize
1KB

MD5
ff8e846b49b4a233d1c3bfa5e6bc6fe5

SHA1
f899d6d52bca5f845b574ea2eb1a4fd8d4e7e3c1

SHA256
467b0b9aaf43e133dfbdafc123d9dd0d5586f929e417a5c37be12a5e05a16345

SHA512
7693fe943e6ed5e3e7f2a1aa119e56c0a6fb48fd0ea2c77ae81bad896738a8c5017f132076363582897bdc944633248416d0dd7e12cd6a2068aa772271cdb1ab

Download Submit
C:\Users\Admin\AppData\Local\Temp\5af511c0ca54e5ad98aa4f1086d09976A.ini

Filesize
1KB

MD5
bcccbbaa5b2d39a6ac466db101fd8ffc

SHA1
fb91667c7a6b7982aa9d875327a50bc079b321fd

SHA256
f1d6bb02f02e04fdc2ae721d079d99fce006cd848c45d35cff546977169c77ea

SHA512
6de02e401afacfd517f06d70b19e9ebcbb1b6e898bc024f3f2cbe12b1fd2e56a3908eea7035975174e4158736d9435fcfa039e08fcff478c5d0fe71097cf9956

Download Submit
C:\Users\Admin\AppData\Local\Temp\8258eeb3680f4db66e986adb1bc2ee1007f2c6ad9cbcaa1f175de1ddfe9d546a.exepack.tmp

Filesize
2KB

MD5
427c2bd6dcd9ef193977f8f9a74d2c5d

SHA1
019a3548606146c252701328329585a3ab79b920

SHA256
d01225391da26eba64d86cccf4fc943d40c032c9a0c54bcac0009718a5b08ca8

SHA512
7a2a5192b6ec5781d4f06799f414d94c44fcf5c1674225081b936eb045739a7116dce2880a992da46b5b0ed805094df747dfa1e80c9014c8ebd23099bb2b663b

Download Submit
memory/1608-330-0x0000000003B20000-0x0000000003B23000-memory.dmp

Filesize
12KB

Download
memory/1608-332-0x0000000000400000-0x0000000001DD0000-memory.dmp

Filesize
25.8MB

Download
memory/1608-2-0x0000000000400000-0x0000000001DD0000-memory.dmp

Filesize
25.8MB

Download
memory/1608-1-0x0000000003B20000-0x0000000003B23000-memory.dmp

Filesize
12KB

Download
memory/1608-329-0x0000000000400000-0x0000000001DD0000-memory.dmp

Filesize
25.8MB

Download
memory/1608-0-0x0000000000400000-0x0000000001DD0000-memory.dmp

Filesize
25.8MB

Download
memory/1608-331-0x0000000050000000-0x0000000050109000-memory.dmp

Filesize
1.0MB

Download
memory/1608-5-0x0000000050000000-0x0000000050109000-memory.dmp

Filesize
1.0MB

Download
memory/1608-333-0x0000000000400000-0x0000000001DD0000-memory.dmp

Filesize
25.8MB

Download
memory/1608-334-0x0000000000400000-0x0000000001DD0000-memory.dmp

Filesize
25.8MB

Download
memory/1608-337-0x0000000000400000-0x0000000001DD0000-memory.dmp

Filesize
25.8MB

Download
memory/1608-338-0x0000000000400000-0x0000000001DD0000-memory.dmp

Filesize
25.8MB

Download
memory/1608-339-0x0000000000400000-0x0000000001DD0000-memory.dmp

Filesize
25.8MB

Download
memory/1608-347-0x0000000000400000-0x0000000001DD0000-memory.dmp

Filesize
25.8MB

Download