874d0ae4dd24efd5f7df81628921f0bdc8bc826c3e47d573727b1d7a2705fce1

Analysis

max time kernel
151s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
12/10/2023, 05:33

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

874d0ae4dd24efd5f7df81628921f0bdc8bc826c3e47d573727b1d7a2705fce1.exe
Size

13.3MB
MD5

b70dd1c3e354403bf6f91d06fa8b0bca
SHA1

2d6f76e434a7bceef9b2461c77054a95fa6a8f54
SHA256

874d0ae4dd24efd5f7df81628921f0bdc8bc826c3e47d573727b1d7a2705fce1
SHA512

04241bf3c2d042f7ddd27a63734cd0cc8f86b79117036f9016fd57bbd8a07b6ddcd0d728b827e7f76206e4ec99491152282e9b9470ba19508cc52226e977253b
SSDEEP

393216:6r+xdFuJDlg86gk1DRE8MC0MIo1/RcBS/pHaRSi:k+xmDlgn1DRE8MCTiBS/Zi

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
3420	874d0ae4dd24efd5f7df81628921f0bdc8bc826c3e47d573727b1d7a2705fce1.exe
3420	874d0ae4dd24efd5f7df81628921f0bdc8bc826c3e47d573727b1d7a2705fce1.exe
3420	874d0ae4dd24efd5f7df81628921f0bdc8bc826c3e47d573727b1d7a2705fce1.exe
3420	874d0ae4dd24efd5f7df81628921f0bdc8bc826c3e47d573727b1d7a2705fce1.exe

C:\Users\Admin\AppData\Local\Temp\874d0ae4dd24efd5f7df81628921f0bdc8bc826c3e47d573727b1d7a2705fce1.exe
"C:\Users\Admin\AppData\Local\Temp\874d0ae4dd24efd5f7df81628921f0bdc8bc826c3e47d573727b1d7a2705fce1.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:3420

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\5e5b7a8e04c5c07cafdd7db71f35b774.ini

Filesize
1KB

MD5
032a3262cb56a0e4c94af720b8629fdd

SHA1
374bb45c709c182c96b69347db4745927b2b92ef

SHA256
6a8ef7c5b44d917153d917f1c1a62fedf840cdf0a0ef71f7289a813bf8be7c1d

SHA512
7beef3fa141addabbaa66f8bf6115332a40042ee5e7b4c31cc3aae6e4b9d8b0cee83c82f4acd1e85ff43b74614b346f6ae991095fa67d896b323e0884bbb697d

Download Submit
C:\Users\Admin\AppData\Local\Temp\5e5b7a8e04c5c07cafdd7db71f35b774A.ini

Filesize
1KB

MD5
60869bb177af0c4e794971761e6af7c8

SHA1
02afe25388013d77ebfcb86026ac569540734e6c

SHA256
c0bdd6fb867b869eb9d369b697e11b7bbb008e00895e84847968c3ed590c1ac1

SHA512
a55284ba01c12993527a1aed6791794b1b2de7acb0674783fd328801d51a857de5a6db2dc61df5dcdc7d353bb8e0b7b9b18fae7cce5ecc5b53683e3a556c4f60

Download Submit
C:\Users\Admin\AppData\Local\Temp\874d0ae4dd24efd5f7df81628921f0bdc8bc826c3e47d573727b1d7a2705fce1.exepack.tmp

Filesize
2KB

MD5
f8d7097b49713312851cd486274c78f3

SHA1
4f580d61c4a82cf426d9e9fd495c7baf869402ee

SHA256
ac9ca3b39c3b8a1e8c9d32b2d221b458b87449bff10883bab23337a9e0018e85

SHA512
67d5c1a1b45b0c348ceabd4d285abc18a8187a078cddcb7af6b421d4ee80b72a723e09333d6d40a1860bce10d5d2effdd2e5c1daa6ba3f4cd51efcb0e9fd927f

Download Submit
memory/3420-0-0x0000000000400000-0x0000000001EAF000-memory.dmp

Filesize
26.7MB

Download
memory/3420-1-0x0000000002480000-0x0000000002483000-memory.dmp

Filesize
12KB

Download
memory/3420-2-0x0000000000400000-0x0000000001EAF000-memory.dmp

Filesize
26.7MB

Download
memory/3420-5-0x0000000050000000-0x0000000050109000-memory.dmp

Filesize
1.0MB

Download
memory/3420-359-0x0000000000400000-0x0000000001EAF000-memory.dmp

Filesize
26.7MB

Download
memory/3420-360-0x0000000002480000-0x0000000002483000-memory.dmp

Filesize
12KB

Download
memory/3420-361-0x0000000050000000-0x0000000050109000-memory.dmp

Filesize
1.0MB

Download
memory/3420-366-0x0000000000400000-0x0000000001EAF000-memory.dmp

Filesize
26.7MB

Download