e33f41fd6d0f0dddabbcf2bb06e69636557c992379b5c9a36c0592cb944d7b22

Analysis

max time kernel
152s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
12/10/2023, 17:10

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

e33f41fd6d0f0dddabbcf2bb06e69636557c992379b5c9a36c0592cb944d7b22.exe
Size

6.9MB
MD5

80167da0d06788fb90f9f38736e61d9f
SHA1

27eb2e58154683ce4511029afd0e50a875774f21
SHA256

e33f41fd6d0f0dddabbcf2bb06e69636557c992379b5c9a36c0592cb944d7b22
SHA512

f9c5f1a5f3856a7e63168be14c4a0cb13a1fd3be937a4e9ed48c738a39800cad5ec00470ba1876f747da33f1a79df5ab2447c85e81d05cf0a3871db9aab05cc6
SSDEEP

196608:Yggn5USiTOXMMEB7O1c0CM34T0TH9068X20YU:YTn2oXMMEB7O1kT4m68X7

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4176	e33f41fd6d0f0dddabbcf2bb06e69636557c992379b5c9a36c0592cb944d7b22.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
4176	e33f41fd6d0f0dddabbcf2bb06e69636557c992379b5c9a36c0592cb944d7b22.exe
4176	e33f41fd6d0f0dddabbcf2bb06e69636557c992379b5c9a36c0592cb944d7b22.exe
4176	e33f41fd6d0f0dddabbcf2bb06e69636557c992379b5c9a36c0592cb944d7b22.exe
4176	e33f41fd6d0f0dddabbcf2bb06e69636557c992379b5c9a36c0592cb944d7b22.exe

C:\Users\Admin\AppData\Local\Temp\e33f41fd6d0f0dddabbcf2bb06e69636557c992379b5c9a36c0592cb944d7b22.exe
"C:\Users\Admin\AppData\Local\Temp\e33f41fd6d0f0dddabbcf2bb06e69636557c992379b5c9a36c0592cb944d7b22.exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:4176

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\80cbe4cbd98aebe22f46223c0f4d3027.ini

Filesize
1KB

MD5
526eaab6cc04854cb66b09911323e62e

SHA1
72366b03300edcce997373c396e62a93f14f2b00

SHA256
790064797851618047bd530031368a506c0cea4f0279810ea34c46a6b5a1145b

SHA512
81e356424f583475e2d366e8d8f8657ba71c9f2c4eeda96d3a22cd52d814866cd714ac27eb3d118ed5481c0f0b0861ea6bc55b94cc5b86b7800004458ace9408

Download Submit
C:\Users\Admin\AppData\Local\Temp\80cbe4cbd98aebe22f46223c0f4d3027A.ini

Filesize
1KB

MD5
406d54401db50d90d5047110c804d630

SHA1
ebe13c5da9d75f04abcdc3bf5a63adb1342cb3b7

SHA256
0ed6aecb6dc649fb4ac346a76d6e66bae2f873aa6694efeb636f988ccf257fbc

SHA512
f5883df22217d2d7f4b2d97d343f1ffbd86dae059e8813c6336e8c0a09e5cc37bb5a294c8dc8e871ca78de2d5cda736af34d347bdb1f5309bd08e75b2429e497

Download Submit
C:\Users\Admin\AppData\Local\Temp\e33f41fd6d0f0dddabbcf2bb06e69636557c992379b5c9a36c0592cb944d7b22.exepack.tmp

Filesize
2KB

MD5
ec3a267e56205bdfe480751beedeac74

SHA1
0ada13f93f995d7b811d434ec895a69a37bb2a85

SHA256
8d77c6a66e6159405d3243d4fb3d4cf354fd7be25213fbaa4a82afe17c987836

SHA512
9303858685dccad35611b7640c5939b73fa0017888308dc726ab0d29f9a61da0c618d8682416b6b918308b26a180440f981017cbfe0b887a65d6f631efd19d62

Download Submit
memory/4176-338-0x0000000000400000-0x0000000001D93000-memory.dmp

Filesize
25.6MB

Download
memory/4176-340-0x0000000000400000-0x0000000001D93000-memory.dmp

Filesize
25.6MB

Download
memory/4176-1-0x0000000003B20000-0x0000000003B23000-memory.dmp

Filesize
12KB

Download
memory/4176-331-0x0000000000400000-0x0000000001D93000-memory.dmp

Filesize
25.6MB

Download
memory/4176-332-0x0000000003B20000-0x0000000003B23000-memory.dmp

Filesize
12KB

Download
memory/4176-333-0x0000000000400000-0x0000000001D93000-memory.dmp

Filesize
25.6MB

Download
memory/4176-337-0x0000000000400000-0x0000000001D93000-memory.dmp

Filesize
25.6MB

Download
memory/4176-0-0x0000000000400000-0x0000000001D93000-memory.dmp

Filesize
25.6MB

Download
memory/4176-339-0x0000000000400000-0x0000000001D93000-memory.dmp

Filesize
25.6MB

Download
memory/4176-2-0x0000000000400000-0x0000000001D93000-memory.dmp

Filesize
25.6MB

Download
memory/4176-342-0x0000000000400000-0x0000000001D93000-memory.dmp

Filesize
25.6MB

Download
memory/4176-343-0x0000000000400000-0x0000000001D93000-memory.dmp

Filesize
25.6MB

Download
memory/4176-344-0x0000000000400000-0x0000000001D93000-memory.dmp

Filesize
25.6MB

Download
memory/4176-345-0x0000000000400000-0x0000000001D93000-memory.dmp

Filesize
25.6MB

Download
memory/4176-346-0x0000000000400000-0x0000000001D93000-memory.dmp

Filesize
25.6MB

Download
memory/4176-347-0x0000000000400000-0x0000000001D93000-memory.dmp

Filesize
25.6MB

Download
memory/4176-348-0x0000000000400000-0x0000000001D93000-memory.dmp

Filesize
25.6MB

Download
memory/4176-349-0x0000000000400000-0x0000000001D93000-memory.dmp

Filesize
25.6MB

Download
memory/4176-357-0x0000000000400000-0x0000000001D93000-memory.dmp

Filesize
25.6MB

Download