Analysis
Max time kernel: 167s
Max time network: 170s
Platform: windows10-2004_x64
Resource: win10v2004-20230915-en
Resource tags: arch:x64, arch:x86, image:win10v2004-20230915-en, locale:en-us, os:windows10-2004-x64, system
Submitted: 13-10-2023 13:01
Static task: static1
Behavioral task: behavioral1
  Sample: 14b152a5d29491e2e9f807fb2c584ffff157aa7cee57fb46af1698020e288e9f.exe
  Resource: win7-20230831-en
Behavioral task: behavioral2
  Sample: 14b152a5d29491e2e9f807fb2c584ffff157aa7cee57fb46af1698020e288e9f.exe
  Resource: win10v2004-20230915-en
General
Target: 14b152a5d29491e2e9f807fb2c584ffff157aa7cee57fb46af1698020e288e9f.exe
Size: 10.3MB
MD5: c5ab70c5499479d4cef6e70f4af77430
SHA1: 96ecfdfb1e8c15f837420b6a22c3412394d46a77
SHA256: 14b152a5d29491e2e9f807fb2c584ffff157aa7cee57fb46af1698020e288e9f
SHA512: 08d80bb55bf7631fc7d0b2d0c93da8e500633bbbb8e427f798d305a7111729cad4061a3ce481f17b9e0879ed0ca33c4e4b50f6ab29de05bb12b11567d5d4656a
SSDEEP: 196608:BwaTT3qJJD6FCIEHzVE3pOv8mpRobIxpMNcDbImKkE6hpwOYFXpL5w:GaTrqJJDW/ZOv8mpRCorD6kfhpwdFXp+
Malware Config
Signatures
Adds Run key to start application (2 TTPs, 1 IoC)
  Process: 14b152a5d29491e2e9f807fb2c584ffff157aa7cee57fb46af1698020e288e9f.exe
  Set value (str): \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Neetcapers = "C:\\Program Files\\Mrosofs\\tackmgr.exe"
  The WOW6432Node path means the write came from a 32-bit process and was redirected from its view of HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run. Windows executes entries from the WOW6432Node Run key at logon just as it does the native one, so a hunt for this persistence has to query both keys. The directory and file names (Mrosofs, tackmgr.exe) resemble "Microsoft" and "taskmgr.exe", a common masquerading pattern.
Suspicious use of NtSetInformationThreadHideFromDebugger (3 IoCs)
  Process: PID 3148 14b152a5d29491e2e9f807fb2c584ffff157aa7cee57fb46af1698020e288e9f.exe (three hits)
  Anti-debugging: a thread flagged with ThreadHideFromDebugger stops delivering debug events, so a debugger attached to the process will not see exceptions or breakpoints raised on that thread.
Drops file in Program Files directory (2 IoCs)
  Process: 14b152a5d29491e2e9f807fb2c584ffff157aa7cee57fb46af1698020e288e9f.exe
  File created: C:\Program Files\Mrosofs\tackmgr.exe
  File opened for modification: C:\Program Files\Mrosofs\tackmgr.exe
  Writing under C:\Program Files requires administrative rights by default; the sandbox runs the sample as the Admin user, so this drop may fail on a host where the sample runs unelevated.
Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s).
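The Run-key and file-drop signatures above are strongest when read together: the same process wrote a Run value and created the very file that value points to. The following is an added example, not part of this report or of the sandbox vendor's tooling, showing that correlation over Sysmon-style records (Event ID 13, registry value set; Event ID 11, file create). The event records are constructed: PID 3148, the registry path and the file path are taken from this report, while the msiexec/PID 4420 record, the unrelated Explorer registry write, and the Sysmon-like field names are assumptions for illustration. The hive normalisation deliberately collapses WOW6432Node so 32-bit and 64-bit writers are matched alike.

```python
"""Correlate a Run-key write with a file drop by the same process.

Added example, not from the sandbox report. EVENTS is constructed to resemble
Sysmon Event ID 13 (registry value set) and Event ID 11 (file create) fields,
filled with the IoCs from the report above plus a made-up benign installer.
"""
import re

SAMPLE = "14b152a5d29491e2e9f807fb2c584ffff157aa7cee57fb46af1698020e288e9f.exe"
SAMPLE_IMAGE = rf"C:\Users\Admin\AppData\Local\Temp\{SAMPLE}"

# Constructed events. PID 3148 and its paths come from the report; PID 4420
# (msiexec registering a vendor updater) is an assumed benign case for contrast.
EVENTS = [
    {"EventID": 11, "ProcessId": 3148, "Image": SAMPLE_IMAGE,
     "TargetFilename": r"C:\Program Files\Mrosofs\tackmgr.exe"},
    {"EventID": 13, "ProcessId": 3148, "Image": SAMPLE_IMAGE,
     "TargetObject": r"\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Neetcapers",
     "Details": r'"C:\Program Files\Mrosofs\tackmgr.exe"'},
    {"EventID": 13, "ProcessId": 3148, "Image": SAMPLE_IMAGE,   # not a Run key, must be ignored
     "TargetObject": r"\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "Details": "DWORD (0x00000002)"},
    {"EventID": 13, "ProcessId": 4420, "Image": r"C:\Windows\System32\msiexec.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VendorUpdater",
     "Details": r"C:\Program Files\Vendor\updater.exe --quiet"},
]

# Kernel-style hive prefixes (as sandboxes and Sysmon print them) -> short names.
_HIVES = {
    r"\REGISTRY\MACHINE": "HKLM",
    r"\REGISTRY\USER": "HKU",
    "HKEY_LOCAL_MACHINE": "HKLM",
    "HKEY_USERS": "HKU",
}

# Run / RunOnce under HKLM or a specific user hive. WOW6432Node is optional so a
# 32-bit writer redirected there is caught exactly like a native 64-bit one.
_RUN_KEY_RE = re.compile(
    r"^(HKLM|HKU\\[^\\]+)\\SOFTWARE\\(?:WOW6432Node\\)?Microsoft\\Windows"
    r"\\CurrentVersion\\(?:Run|RunOnce)\\[^\\]+$",
    re.IGNORECASE,
)
_PROGRAM_FILES_RE = re.compile(r"^[A-Za-z]:\\Program Files( \(x86\))?\\", re.IGNORECASE)


def normalise_reg_path(path: str) -> str:
    """Rewrite a kernel-style hive prefix (REGISTRY\\MACHINE, REGISTRY\\USER) to HKLM / HKU."""
    upper = path.upper()
    for prefix, short in _HIVES.items():
        if upper.startswith(prefix.upper()):
            return short + path[len(prefix):]
    return path


def is_run_key(path: str) -> bool:
    """True for a value under Run or RunOnce in HKLM or a specific user's hive."""
    return _RUN_KEY_RE.match(normalise_reg_path(path)) is not None


def image_from_run_value(details: str) -> str:
    """Pull the executable path out of a Run value's command line.

    Handles a quoted path, an unquoted path containing spaces that ends in .exe
    (with or without arguments), and falls back to the first token otherwise.
    """
    details = details.strip()
    m = re.match(r'^"([^"]+)"', details)
    if m:
        return m.group(1)
    m = re.match(r"^(.*?\.exe)(?=\s|$)", details, re.IGNORECASE)
    if m:
        return m.group(1)
    return details.split(None, 1)[0] if details else ""


def run_key_writes(events):
    """Every Run-key value set, annotated with whether the writer also created the target file."""
    created = {(e["ProcessId"], e["TargetFilename"].lower())
               for e in events if e["EventID"] == 11}
    hits = []
    for e in events:
        if e["EventID"] != 13 or not is_run_key(e["TargetObject"]):
            continue
        image = image_from_run_value(e["Details"])
        hits.append({
            "pid": e["ProcessId"],
            "writer": e["Image"],
            "key": normalise_reg_path(e["TargetObject"]),
            "image": image,
            "in_program_files": bool(_PROGRAM_FILES_RE.match(image)),
            "self_dropped": (e["ProcessId"], image.lower()) in created,
        })
    return hits


def self_dropped_persistence(events):
    """High-confidence subset: the process that wrote the Run key also dropped the file."""
    return [h for h in run_key_writes(events) if h["self_dropped"]]


if __name__ == "__main__":
    for h in self_dropped_persistence(EVENTS):
        print(f"PID {h['pid']} ({h['writer']}) persists via {h['key']} -> {h['image']}")
```

Run against the constructed events, `run_key_writes` reports both Run-key writes (the sample and the installer), and `self_dropped_persistence` keeps only PID 3148, because no file-create record exists for the installer's target. On real telemetry the same logic applies to Sysmon or EDR exports once the field names are mapped; the normalisation step is what lets one rule cover the native Run key, the WOW6432Node one and per-user HKU hives.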
Processes
Image: C:\Users\Admin\AppData\Local\Temp\14b152a5d29491e2e9f807fb2c584ffff157aa7cee57fb46af1698020e288e9f.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\14b152a5d29491e2e9f807fb2c584ffff157aa7cee57fb46af1698020e288e9f.exe"
  PID: 3148
  - Adds Run key to start application
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Drops file in Program Files directory