b517a1d2e474a6475600e67b6942420f90dde12f8520e2e1dd6f33560fb02dc9

Analysis

max time kernel
177s
max time network
178s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
11/10/2023, 15:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b517a1d2e474a6475600e67b6942420f90dde12f8520e2e1dd6f33560fb02dc9.exe
Size

6.3MB
MD5

c9bcb12fb73e210b94e82d571ed2d245
SHA1

a0eaa75e5ebcda66c1fcde621b2e4385f34c4615
SHA256

b517a1d2e474a6475600e67b6942420f90dde12f8520e2e1dd6f33560fb02dc9
SHA512

a10addfd311ead10d0d69d6a2a50bee817d95c602300a1748c1a6a16303c83cfe0979772677a3d0cc596c9473b02f3e0f65206329d8765b7dee3397045638217
SSDEEP

98304:GwYsi/0YL5Yc68aGAE3/MarNv6Gh8A/MFUSuDt+983JYp:GqYts8pAEhrNvb2FUlc983M

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
3464	b517a1d2e474a6475600e67b6942420f90dde12f8520e2e1dd6f33560fb02dc9.exe
3464	b517a1d2e474a6475600e67b6942420f90dde12f8520e2e1dd6f33560fb02dc9.exe
3464	b517a1d2e474a6475600e67b6942420f90dde12f8520e2e1dd6f33560fb02dc9.exe

C:\Users\Admin\AppData\Local\Temp\b517a1d2e474a6475600e67b6942420f90dde12f8520e2e1dd6f33560fb02dc9.exe
"C:\Users\Admin\AppData\Local\Temp\b517a1d2e474a6475600e67b6942420f90dde12f8520e2e1dd6f33560fb02dc9.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:3464

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\Q7SK9IL3\quill.bubble[1].css

Filesize
24KB

MD5
4c36b98f83d8c928477190728178e3a8

SHA1
5926a7b8724ebdfb51e375fa96da5f03462c932c

SHA256
799367ba0fc9c9ec823ccaa0f44a876c1e5799c105d848689dbf66a0b7800433

SHA512
709833e8cbe3fd8998a865ee972e540ad83827ae28ae5fc86cddefca8a52e37d1927a1636bc1c16c4f033d620a525e17b452c525c891ab8fdbcb9d437fd16808

Download Submit
C:\Users\Admin\AppData\Local\Temp\GameClient30192\Game.exe

Filesize
1.3MB

MD5
875c31064b2b780ed07bf59d6d1fc70a

SHA1
2d63e4014a0d3a52b3146ce9892b2702e02068e4

SHA256
e612ca94d4550b1878b774af8875860e160fd0a7cefb9e134bfbdb88da09beff

SHA512
6f9d6f9d690f0b181d6f175b3e98e009afc3f44799fd7ab85c3e0cdf4ce376c043d9184e49c51e57edca14c937cbeb30d7b09c24135daffd7b5effca7f70d357

Download Submit
C:\Users\Admin\AppData\Local\Temp\GameClient30192\game.dat

Filesize
126B

MD5
d999e2929339add9cebbef295d1bbeb7

SHA1
5c41bee0fdae4f025c2770c8c902148b375208a3

SHA256
237dce3d880566ed658d08372e355ff743bcb6f32aa4b24a2926b062c56c77c0

SHA512
f98fa001c8846bd2029f1254e8108cb79ddcee2556e864dd699a8066f40e809d9f63faac2125fa697057288785ae3eb94cbecb7dab93553ac57deea07c1262ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\GameClient30192\mod_fgcq.zip

Filesize
759KB

MD5
f7edc2f70dcdf9018d2d3d37d8fd6022

SHA1
f3c62e0f7bbee32e8b14598918bcdd7fea271a8d

SHA256
73c601edeb03f0d383a2c06d161287a7adb1889621d54cc8a53b76d540a50b04

SHA512
2df823836b57eef824192f454f771445999bc7d32e1f4401a321d17547ab744885ccd40304b6dd401a1b796e209c342772543712978f46ce4ba6b76acae06661

Download Submit
C:\Users\Admin\AppData\Local\Temp\GameClient30192\ÐÂå©´«Ææ1.exe

Filesize
6.3MB

MD5
c9bcb12fb73e210b94e82d571ed2d245

SHA1
a0eaa75e5ebcda66c1fcde621b2e4385f34c4615

SHA256
b517a1d2e474a6475600e67b6942420f90dde12f8520e2e1dd6f33560fb02dc9

SHA512
a10addfd311ead10d0d69d6a2a50bee817d95c602300a1748c1a6a16303c83cfe0979772677a3d0cc596c9473b02f3e0f65206329d8765b7dee3397045638217

Download Submit
memory/3464-0-0x0000000002960000-0x0000000002961000-memory.dmp

Filesize
4KB

Download
memory/3464-2-0x00000000029D0000-0x00000000029D1000-memory.dmp

Filesize
4KB

Download
memory/3464-35-0x0000000000400000-0x0000000000A1D000-memory.dmp

Filesize
6.1MB

Download
memory/3464-36-0x0000000002960000-0x0000000002961000-memory.dmp

Filesize
4KB

Download
memory/3464-40-0x0000000000400000-0x0000000000A1D000-memory.dmp

Filesize
6.1MB

Download
memory/3464-50-0x0000000000400000-0x0000000000A1D000-memory.dmp

Filesize
6.1MB

Download