ec0475c26684b58d71051fddbc49606766c59e3607c6508a07db66c834f0d9e3

Analysis

max time kernel
151s
max time network
171s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
11/10/2023, 17:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ec0475c26684b58d71051fddbc49606766c59e3607c6508a07db66c834f0d9e3.exe
Size

13.8MB
MD5

abb17b04197785b74596700af3065645
SHA1

ff6436c583db9b66a82ca135aaea72666e5bbd05
SHA256

ec0475c26684b58d71051fddbc49606766c59e3607c6508a07db66c834f0d9e3
SHA512

49757507bb79d0aabd8e9e80f4d46e54db70c42c2d64a772811821c1be91a538d97798156655e4b85751526e916221f21e3a05647d160dba4b46831b539aa344
SSDEEP

393216:5TwVwYBxHcVRXgbJwUyvC/4+rp9rIVTzBp:V0w4cwbJHyvypGVTzL

Score

10^/10

phishing

Malware Config

Signatures

Detected phishing page
phishing
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
3356	ec0475c26684b58d71051fddbc49606766c59e3607c6508a07db66c834f0d9e3.exe
3356	ec0475c26684b58d71051fddbc49606766c59e3607c6508a07db66c834f0d9e3.exe
3356	ec0475c26684b58d71051fddbc49606766c59e3607c6508a07db66c834f0d9e3.exe
3356	ec0475c26684b58d71051fddbc49606766c59e3607c6508a07db66c834f0d9e3.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 3356 wrote to memory of 4324	3356	ec0475c26684b58d71051fddbc49606766c59e3607c6508a07db66c834f0d9e3.exe	88
PID 3356 wrote to memory of 4324	3356	ec0475c26684b58d71051fddbc49606766c59e3607c6508a07db66c834f0d9e3.exe	88
PID 3356 wrote to memory of 4324	3356	ec0475c26684b58d71051fddbc49606766c59e3607c6508a07db66c834f0d9e3.exe	88
PID 3356 wrote to memory of 1252	3356	ec0475c26684b58d71051fddbc49606766c59e3607c6508a07db66c834f0d9e3.exe	89
PID 3356 wrote to memory of 1252	3356	ec0475c26684b58d71051fddbc49606766c59e3607c6508a07db66c834f0d9e3.exe	89
PID 3356 wrote to memory of 1252	3356	ec0475c26684b58d71051fddbc49606766c59e3607c6508a07db66c834f0d9e3.exe	89

C:\Users\Admin\AppData\Local\Temp\ec0475c26684b58d71051fddbc49606766c59e3607c6508a07db66c834f0d9e3.exe
"C:\Users\Admin\AppData\Local\Temp\ec0475c26684b58d71051fddbc49606766c59e3607c6508a07db66c834f0d9e3.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3356
- C:\Windows\SysWOW64\cmd.exe
  cmd /c del "C:\Users\Admin\AppData\Local\Temp\*475c26684b58d71051fddbc49606766c59e3607c6508a07db66c834f0d9e3.exe"
  2⤵
  PID:4324
- C:\Windows\SysWOW64\cmd.exe
  cmd /c del "C:\Users\Admin\AppData\Local\Temp\*.dll"
  2⤵
  PID:1252

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\cf7a36bfdf5d5ec9c97174bef3b467ae.ini

Filesize
1KB

MD5
15188592ce449c557e7cb0d0cce15d18

SHA1
faabb7fe64605b71096a3a10742b505888e0ba3f

SHA256
6a7a69c777d4c7f82fd0191b26d8b857f0c8265d92e2b670eacff1d950e2f528

SHA512
bceb271d1184f2cbcfbd68cd4aba5570ac0e9881fd1b277cca82f45fedde90b17c505c00658a4f030325ca89355b75349a05b82166f2095b18170e3ace396a43

Download Submit
C:\Users\Admin\AppData\Local\Temp\cf7a36bfdf5d5ec9c97174bef3b467aeA.ini

Filesize
1KB

MD5
71cc57880b35a1b7c9fa8c1753bc03e9

SHA1
9584ff3a0c9cf35d3b9f6e9aec7ecc1dbdbc4617

SHA256
0a673a7076bb69109ea938f8be6e369532863b78d82d254b911befa13789fba7

SHA512
080f9c18cfd02f589098282f5220f8814fc35b4b6f8889fe7bb2bb862031f015cd874a27ab73d77db06b2e436e90ffef02e6de1e86a1512bd952cc84a393609b

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec0475c26684b58d71051fddbc49606766c59e3607c6508a07db66c834f0d9e3.exepack.tmp

Filesize
2KB

MD5
e9eb589d5afb745ada377bdecb6564b5

SHA1
dbb0916e02f6c0dd2ecaecb0086b2c6801da60f6

SHA256
a95280fb657141004c1198dd27a7afd74d640a759a7d93aba878bfb42369cb67

SHA512
07f707a07f70cd9328340e8eb05ea5da2bab38c5f33c228825455468a508698621c70f509ad140df7cc818bb01e7389b84cb2ac9861947ff812c26277da3e1f1

Download Submit
memory/3356-5-0x0000000050000000-0x0000000050109000-memory.dmp

Filesize
1.0MB

Download
memory/3356-0-0x0000000000400000-0x0000000001EFE000-memory.dmp

Filesize
27.0MB

Download
memory/3356-2-0x0000000000400000-0x0000000001EFE000-memory.dmp

Filesize
27.0MB

Download
memory/3356-1-0x00000000021D0000-0x00000000021D3000-memory.dmp

Filesize
12KB

Download
memory/3356-318-0x0000000000400000-0x0000000001EFE000-memory.dmp

Filesize
27.0MB

Download
memory/3356-319-0x00000000021D0000-0x00000000021D3000-memory.dmp

Filesize
12KB

Download
memory/3356-340-0x0000000000400000-0x0000000001EFE000-memory.dmp

Filesize
27.0MB

Download
memory/3356-341-0x0000000000400000-0x0000000001EFE000-memory.dmp

Filesize
27.0MB

Download
memory/3356-344-0x0000000000400000-0x0000000001EFE000-memory.dmp

Filesize
27.0MB

Download
memory/3356-366-0x0000000000400000-0x0000000001EFE000-memory.dmp

Filesize
27.0MB

Download