5a1f64aa589bf7634a9793450d83628092d75b3a13df57c2864db2ba4cef93e3

Analysis

max time kernel
145s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
11/10/2023, 14:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5a1f64aa589bf7634a9793450d83628092d75b3a13df57c2864db2ba4cef93e3.exe
Size

14.6MB
MD5

52134b2d2ddd40eba4e25850a3d71d66
SHA1

a165980a33a011e7acd3c082df4d5c473d95a50c
SHA256

5a1f64aa589bf7634a9793450d83628092d75b3a13df57c2864db2ba4cef93e3
SHA512

6471ab2b29055c8a8c0d71d732cb0c96bd17ef97323ddd56788d0fef076ec96d8065eba72fdc1ab8f09bd953026ce86413b0952234edf2c80e11c71b5c30c11a
SSDEEP

393216:1anpN7H+zKARr6jZ62bA610eCNEV/KFt3rO:qbiOjZhLRCNEMFt3S

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2708	5a1f64aa589bf7634a9793450d83628092d75b3a13df57c2864db2ba4cef93e3.exe
2708	5a1f64aa589bf7634a9793450d83628092d75b3a13df57c2864db2ba4cef93e3.exe
2708	5a1f64aa589bf7634a9793450d83628092d75b3a13df57c2864db2ba4cef93e3.exe
2708	5a1f64aa589bf7634a9793450d83628092d75b3a13df57c2864db2ba4cef93e3.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2708 wrote to memory of 4124	2708	5a1f64aa589bf7634a9793450d83628092d75b3a13df57c2864db2ba4cef93e3.exe	91
PID 2708 wrote to memory of 4124	2708	5a1f64aa589bf7634a9793450d83628092d75b3a13df57c2864db2ba4cef93e3.exe	91
PID 2708 wrote to memory of 4124	2708	5a1f64aa589bf7634a9793450d83628092d75b3a13df57c2864db2ba4cef93e3.exe	91
PID 2708 wrote to memory of 1420	2708	5a1f64aa589bf7634a9793450d83628092d75b3a13df57c2864db2ba4cef93e3.exe	92
PID 2708 wrote to memory of 1420	2708	5a1f64aa589bf7634a9793450d83628092d75b3a13df57c2864db2ba4cef93e3.exe	92
PID 2708 wrote to memory of 1420	2708	5a1f64aa589bf7634a9793450d83628092d75b3a13df57c2864db2ba4cef93e3.exe	92

C:\Users\Admin\AppData\Local\Temp\5a1f64aa589bf7634a9793450d83628092d75b3a13df57c2864db2ba4cef93e3.exe
"C:\Users\Admin\AppData\Local\Temp\5a1f64aa589bf7634a9793450d83628092d75b3a13df57c2864db2ba4cef93e3.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2708
- C:\Windows\SysWOW64\cmd.exe
  cmd /c del "C:\Users\Admin\AppData\Local\Temp\*f64aa589bf7634a9793450d83628092d75b3a13df57c2864db2ba4cef93e3.exe"
  2⤵
  PID:4124
- C:\Windows\SysWOW64\cmd.exe
  cmd /c del "C:\Users\Admin\AppData\Local\Temp\*.dll"
  2⤵
  PID:1420

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\5a1f64aa589bf7634a9793450d83628092d75b3a13df57c2864db2ba4cef93e3.exepack.tmp

Filesize
2KB

MD5
c9a8ed1672b52eb8ecbf9627f8e97617

SHA1
4884b657fe4ab1c614faf713ed08c49111674729

SHA256
7c0e897251309d51b97e133fb27eb26c67a976651a1296ded0c0cb084fa4642a

SHA512
6b7eb8386e129835b6e6b51b39846c5a04c4744cbcc377d653915d27f2852a385eb219a9bc0e3e3b08ecec101a24b91709be2e97fb6f6afe91208d0756e90267

Download Submit
C:\Users\Admin\AppData\Local\Temp\7426a83228848f6573a96ec064bd6165.ini

Filesize
1KB

MD5
2249cfa7127338f11b1003bb6499d022

SHA1
a12f51591fe2d7d62e7a5b46de17ae3c8b88c6ce

SHA256
76d0ae07b1056853927e1e72d6653cd23be64dcdcef47dc2de87b3d2be84c6b7

SHA512
a2ffbdbcd1c8e04fba4cd07640cc82d07881b54648d26e8c92d4e3690be0fc4c3e0e0c3a1f129bc1c4230f6af35c454bbd440cc30f541fa10f879a0fb8efba0d

Download Submit
C:\Users\Admin\AppData\Local\Temp\7426a83228848f6573a96ec064bd6165A.ini

Filesize
1KB

MD5
31a1869a23ffe9a94bf55a910e13aeaa

SHA1
a30b187f94083236a8e7d8e9486155dba0f6a7ae

SHA256
74bcabbe3f93c217dad2a0e7c541dbc32b6dba0b7d82ed4a0499d86798a765bc

SHA512
57172dd54cec22b53e93bd0fe003254e1b212299e45e5deca862711af332029a83da8cbba49b759e68bbdd11397913c88095ed7cbae5f3cec26758a81ba6ff76

Download Submit
memory/2708-0-0x0000000000400000-0x0000000001DCC000-memory.dmp

Filesize
25.8MB

Download
memory/2708-1-0x0000000001EF0000-0x0000000001EF3000-memory.dmp

Filesize
12KB

Download
memory/2708-2-0x0000000000400000-0x0000000001DCC000-memory.dmp

Filesize
25.8MB

Download
memory/2708-5-0x0000000050000000-0x0000000050109000-memory.dmp

Filesize
1.0MB

Download
memory/2708-6-0x0000000000400000-0x0000000001DCC000-memory.dmp

Filesize
25.8MB

Download
memory/2708-316-0x0000000001EF0000-0x0000000001EF3000-memory.dmp

Filesize
12KB

Download
memory/2708-339-0x0000000000400000-0x0000000001DCC000-memory.dmp

Filesize
25.8MB

Download
memory/2708-342-0x0000000000400000-0x0000000001DCC000-memory.dmp

Filesize
25.8MB

Download