ef604536ab579052e251fd2ba2b968f8ae26184f5de418690f27a7dcbf0937b1

Analysis

max time kernel
142s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
12/10/2023, 17:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ef604536ab579052e251fd2ba2b968f8ae26184f5de418690f27a7dcbf0937b1.exe
Size

8.2MB
MD5

ce44c0f26a3351e8d4ca6b946bc41244
SHA1

b30bca97d1f5f91473ac5ff6056012b3bde32499
SHA256

ef604536ab579052e251fd2ba2b968f8ae26184f5de418690f27a7dcbf0937b1
SHA512

69e373823670f00b419add0e1f211aef0d02dd70a8a9ce1fda513d203276adcdf28d1e0aaaa28de86ba85e812b87b8e52ed1dec982d1c752157fcc608676c74c
SSDEEP

196608:FQ5s13C+iLGbXmQSK3LLUG9I+uLgkODnD/v43kaN2xl:FQK3CpW2+3c+7yx6zv43d2b

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2384	ef604536ab579052e251fd2ba2b968f8ae26184f5de418690f27a7dcbf0937b1.exe
2384	ef604536ab579052e251fd2ba2b968f8ae26184f5de418690f27a7dcbf0937b1.exe
2384	ef604536ab579052e251fd2ba2b968f8ae26184f5de418690f27a7dcbf0937b1.exe
2384	ef604536ab579052e251fd2ba2b968f8ae26184f5de418690f27a7dcbf0937b1.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2384 wrote to memory of 4720	2384	ef604536ab579052e251fd2ba2b968f8ae26184f5de418690f27a7dcbf0937b1.exe	84
PID 2384 wrote to memory of 4720	2384	ef604536ab579052e251fd2ba2b968f8ae26184f5de418690f27a7dcbf0937b1.exe	84
PID 2384 wrote to memory of 4720	2384	ef604536ab579052e251fd2ba2b968f8ae26184f5de418690f27a7dcbf0937b1.exe	84
PID 2384 wrote to memory of 4972	2384	ef604536ab579052e251fd2ba2b968f8ae26184f5de418690f27a7dcbf0937b1.exe	85
PID 2384 wrote to memory of 4972	2384	ef604536ab579052e251fd2ba2b968f8ae26184f5de418690f27a7dcbf0937b1.exe	85
PID 2384 wrote to memory of 4972	2384	ef604536ab579052e251fd2ba2b968f8ae26184f5de418690f27a7dcbf0937b1.exe	85

C:\Users\Admin\AppData\Local\Temp\ef604536ab579052e251fd2ba2b968f8ae26184f5de418690f27a7dcbf0937b1.exe
"C:\Users\Admin\AppData\Local\Temp\ef604536ab579052e251fd2ba2b968f8ae26184f5de418690f27a7dcbf0937b1.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2384
- C:\Windows\SysWOW64\cmd.exe
  cmd /c del "C:\Users\Admin\AppData\Local\Temp\\*.exe"
  2⤵
  PID:4720
- C:\Windows\SysWOW64\cmd.exe
  cmd /c del "C:\Users\Admin\AppData\Local\Temp\\*.dll"
  2⤵
  PID:4972

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\4a4b9e8d77a4d2b571eb2427b59694fe.ini

Filesize
1KB

MD5
b30c2fb7a4afd4bb4ed174a38d68b764

SHA1
51939b350b7b5b3b79a23f9d6a171a7eff4c640b

SHA256
6b32598b4c7b38291bfe8595550a8a299880bbec672089fd3d43264e6b6b8b30

SHA512
675437a97d1fd0ca6255029ab24fc3c1ceab14cf4707f3fba2e62c02ddc6b126671a8cc3e4883397956834a97229aa6a18346e068038d706083c6a536dfda140

Download Submit
C:\Users\Admin\AppData\Local\Temp\4a4b9e8d77a4d2b571eb2427b59694feA.ini

Filesize
1KB

MD5
6cf364ca5ebcac9f0beae5ee3d2ea77e

SHA1
0cf2c6db54fe99f9e2847309157d79bee637f791

SHA256
f8f162b0d18c0deb3f43fe9624f1da9fa85535ac9fcc083124c1d1c11686351d

SHA512
51ed1549844abeb726257f32acabc40e2eb0ee4a4d4775084f61884543a896e40da7073d03882e0fd3bc4965133620c859b502bb993f4088510282d24e60d320

Download Submit
C:\Users\Admin\AppData\Local\Temp\ef604536ab579052e251fd2ba2b968f8ae26184f5de418690f27a7dcbf0937b1.exepack.tmp

Filesize
2KB

MD5
d8c266ee6e37a944268020548b7eff9e

SHA1
a91357eee86d1c23b2f19974e8e3e09c8037e577

SHA256
5217c33eb5f3ceff3af1f9a59412c460d2df1543a35afab776e914f3e838757f

SHA512
11ca92e40c3bd8fd4f6e2d7cf2130d56050bec8ddefaa8e207ca23ff046f319448dfbcd515d147a9967047108a2383ce6c3874809676b10690b663f11398c89f

Download Submit
memory/2384-0-0x0000000000400000-0x0000000001EE6000-memory.dmp

Filesize
26.9MB

Download
memory/2384-1-0x00000000021C0000-0x00000000021C3000-memory.dmp

Filesize
12KB

Download
memory/2384-2-0x0000000000400000-0x0000000001EE6000-memory.dmp

Filesize
26.9MB

Download
memory/2384-5-0x0000000050000000-0x0000000050109000-memory.dmp

Filesize
1.0MB

Download
memory/2384-119-0x0000000000400000-0x0000000001EE6000-memory.dmp

Filesize
26.9MB

Download
memory/2384-320-0x00000000021C0000-0x00000000021C3000-memory.dmp

Filesize
12KB

Download
memory/2384-338-0x0000000050000000-0x0000000050109000-memory.dmp

Filesize
1.0MB

Download
memory/2384-341-0x0000000000400000-0x0000000001EE6000-memory.dmp

Filesize
26.9MB

Download
memory/2384-343-0x0000000000400000-0x0000000001EE6000-memory.dmp

Filesize
26.9MB

Download