798a10c97e9a9b949ee09e5fabb83e40ab3ab40bdb6adb7ee4bdfad668b62a83

Analysis

max time kernel
152s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
12-10-2023 00:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

798a10c97e9a9b949ee09e5fabb83e40ab3ab40bdb6adb7ee4bdfad668b62a83.exe
Size

15.7MB
MD5

f3efe4846c05d78fc19e67e9d860f8e9
SHA1

840496918b38f8bdf54524cff3a4182eb9e4c7fc
SHA256

798a10c97e9a9b949ee09e5fabb83e40ab3ab40bdb6adb7ee4bdfad668b62a83
SHA512

b9db004c249a5552e76532d4f5c2b39374ed2364cad9d7d9e768b7e854050869d26f2309e933ba7ead29e434194ca96ce3d6f4167222f401165de15e8bc36dc9
SSDEEP

393216:BtnDLsIlJQJefdVeyit4RwUHhkcLwTeUX:BtvsIlJRf2yiCHTL0

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
536	798a10c97e9a9b949ee09e5fabb83e40ab3ab40bdb6adb7ee4bdfad668b62a83.exe
536	798a10c97e9a9b949ee09e5fabb83e40ab3ab40bdb6adb7ee4bdfad668b62a83.exe
536	798a10c97e9a9b949ee09e5fabb83e40ab3ab40bdb6adb7ee4bdfad668b62a83.exe
536	798a10c97e9a9b949ee09e5fabb83e40ab3ab40bdb6adb7ee4bdfad668b62a83.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 536 wrote to memory of 1208	536	798a10c97e9a9b949ee09e5fabb83e40ab3ab40bdb6adb7ee4bdfad668b62a83.exe	90
PID 536 wrote to memory of 1208	536	798a10c97e9a9b949ee09e5fabb83e40ab3ab40bdb6adb7ee4bdfad668b62a83.exe	90
PID 536 wrote to memory of 1208	536	798a10c97e9a9b949ee09e5fabb83e40ab3ab40bdb6adb7ee4bdfad668b62a83.exe	90
PID 536 wrote to memory of 4540	536	798a10c97e9a9b949ee09e5fabb83e40ab3ab40bdb6adb7ee4bdfad668b62a83.exe	91
PID 536 wrote to memory of 4540	536	798a10c97e9a9b949ee09e5fabb83e40ab3ab40bdb6adb7ee4bdfad668b62a83.exe	91
PID 536 wrote to memory of 4540	536	798a10c97e9a9b949ee09e5fabb83e40ab3ab40bdb6adb7ee4bdfad668b62a83.exe	91

C:\Users\Admin\AppData\Local\Temp\798a10c97e9a9b949ee09e5fabb83e40ab3ab40bdb6adb7ee4bdfad668b62a83.exe
"C:\Users\Admin\AppData\Local\Temp\798a10c97e9a9b949ee09e5fabb83e40ab3ab40bdb6adb7ee4bdfad668b62a83.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:536
- C:\Windows\SysWOW64\cmd.exe
  cmd /c del "C:\Users\Admin\AppData\Local\Temp\\*a10c97e9a9b949ee09e5fabb83e40ab3ab40bdb6adb7ee4bdfad668b62a83.exe"
  2⤵
  PID:1208
- C:\Windows\SysWOW64\cmd.exe
  cmd /c del "C:\Users\Admin\AppData\Local\Temp\\*.dll"
  2⤵
  PID:4540

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\08145f2d18adadf99567e3909cb4cd92.ini

Filesize
1KB

MD5
4ec42b0f2bfe55bd0e1bddc7f9fbf7a3

SHA1
5068895d02f6c0237298e6aace08747cc0451634

SHA256
2cffbcbe33a1cf52dc91a96753d2ab0ab692dd81cbefc288084165386a7fd62a

SHA512
8accf843fb3b24b4adfdf3b50b99a394e62b47bc0d58724c0e8ed1b6d055ee631bf9801ae188c359dbdc9119fd080ec467b743f8a786ef50a0439b4160ba4f9f

Download Submit
C:\Users\Admin\AppData\Local\Temp\08145f2d18adadf99567e3909cb4cd92A.ini

Filesize
1KB

MD5
ae7cbf8d5ee5c226b6e74b0f572450a2

SHA1
0365c23ed1ccaf2456bdb3b93fe243707db01ceb

SHA256
1850240e8a3ee8d3d22181a52e0d5149208c2207610f95f7172ed5e325fa75a7

SHA512
d14413173892c07b9bb4ff1e5acedfdf68f8f5dffb8b2f1d58a955b6f142bb009ffed2dced0fb86c429806c59c758f06548fbf961ce981370a71272e971f20cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\798a10c97e9a9b949ee09e5fabb83e40ab3ab40bdb6adb7ee4bdfad668b62a83.exepack.tmp

Filesize
2KB

MD5
401c34fe853e58dee62b223bb9b7a1c9

SHA1
5d8dfa2f414cf0c9955eb7917db3aa1d209f72f2

SHA256
3774d56798d7cf57e2bd733dd2de75c3b6ebb6fb555088de873727b2838de141

SHA512
47668c90c507da83039ca4be6a250be6d192cf0eda04fc7232f6ab7cb4dd81ef7353f156885be2dc65512e0e082a785af87f35fb1d0304a20ce3fb27a0c8acc8

Download Submit
memory/536-0-0x0000000000400000-0x0000000001EE5000-memory.dmp

Filesize
26.9MB

Download
memory/536-1-0x0000000002180000-0x0000000002183000-memory.dmp

Filesize
12KB

Download
memory/536-2-0x0000000000400000-0x0000000001EE5000-memory.dmp

Filesize
26.9MB

Download
memory/536-5-0x0000000050000000-0x0000000050109000-memory.dmp

Filesize
1.0MB

Download
memory/536-323-0x0000000000400000-0x0000000001EE5000-memory.dmp

Filesize
26.9MB

Download
memory/536-341-0x0000000002180000-0x0000000002183000-memory.dmp

Filesize
12KB

Download
memory/536-342-0x0000000050000000-0x0000000050109000-memory.dmp

Filesize
1.0MB

Download
memory/536-343-0x0000000000400000-0x0000000001EE5000-memory.dmp

Filesize
26.9MB

Download
memory/536-363-0x0000000000400000-0x0000000001EE5000-memory.dmp

Filesize
26.9MB

Download