dc00049659395111a4e018ccb6f0890b8ec77f42d6de7b573652cae7c2ef5f19

Analysis

max time kernel
212s
max time network
235s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
14/10/2023, 02:37

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

dc00049659395111a4e018ccb6f0890b8ec77f42d6de7b573652cae7c2ef5f19.exe
Size

7.9MB
MD5

c8b1d502bae993d0d5d93f5a049a4b75
SHA1

ed697664ad05a1dc4011f18f83d06326ce55a002
SHA256

dc00049659395111a4e018ccb6f0890b8ec77f42d6de7b573652cae7c2ef5f19
SHA512

9d15dea683038c0518c0748c60a4d72158558621889deb4d323c79aced17cca893360af0424abd94078229004bc552182ee4a7c8b49767e3710644b49e048134
SSDEEP

196608:5DSbUJ1bwVwYBR7v6wV+3FaKXngbHGsWMXCJgTtwrAk+L:5TwVwYBxHcVRXgbEMIgTt2M

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
4688	dc00049659395111a4e018ccb6f0890b8ec77f42d6de7b573652cae7c2ef5f19.exe
4688	dc00049659395111a4e018ccb6f0890b8ec77f42d6de7b573652cae7c2ef5f19.exe
4688	dc00049659395111a4e018ccb6f0890b8ec77f42d6de7b573652cae7c2ef5f19.exe
4688	dc00049659395111a4e018ccb6f0890b8ec77f42d6de7b573652cae7c2ef5f19.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4688 wrote to memory of 1972	4688	dc00049659395111a4e018ccb6f0890b8ec77f42d6de7b573652cae7c2ef5f19.exe	87
PID 4688 wrote to memory of 1972	4688	dc00049659395111a4e018ccb6f0890b8ec77f42d6de7b573652cae7c2ef5f19.exe	87
PID 4688 wrote to memory of 1972	4688	dc00049659395111a4e018ccb6f0890b8ec77f42d6de7b573652cae7c2ef5f19.exe	87
PID 4688 wrote to memory of 2528	4688	dc00049659395111a4e018ccb6f0890b8ec77f42d6de7b573652cae7c2ef5f19.exe	88
PID 4688 wrote to memory of 2528	4688	dc00049659395111a4e018ccb6f0890b8ec77f42d6de7b573652cae7c2ef5f19.exe	88
PID 4688 wrote to memory of 2528	4688	dc00049659395111a4e018ccb6f0890b8ec77f42d6de7b573652cae7c2ef5f19.exe	88

C:\Users\Admin\AppData\Local\Temp\dc00049659395111a4e018ccb6f0890b8ec77f42d6de7b573652cae7c2ef5f19.exe
"C:\Users\Admin\AppData\Local\Temp\dc00049659395111a4e018ccb6f0890b8ec77f42d6de7b573652cae7c2ef5f19.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4688
- C:\Windows\SysWOW64\cmd.exe
  cmd /c del "C:\Users\Admin\AppData\Local\Temp\*0049659395111a4e018ccb6f0890b8ec77f42d6de7b573652cae7c2ef5f19.exe"
  2⤵
  PID:1972
- C:\Windows\SysWOW64\cmd.exe
  cmd /c del "C:\Users\Admin\AppData\Local\Temp\*.dll"
  2⤵
  PID:2528

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\8060d18865053e09f9f8767017cf03e0.ini

Filesize
1KB

MD5
e70f2bd9db1bfbc209d9eec4cd59b553

SHA1
34be2b40db4eb055b276436b778d61d6ba7d5fef

SHA256
daf0a4a2deb32d5a3f81c9ccafbb79a4d2e3938f72af919557802dba903128d1

SHA512
790b0a9cdf35713fdbfa5b94bd5d7bfc1ded39a8bed73acc9511e89d956a48901161bacac9970c3337e02c2b1f82587559a451afb19998682ac3c790c7a584d2

Download Submit
C:\Users\Admin\AppData\Local\Temp\8060d18865053e09f9f8767017cf03e0A.ini

Filesize
1KB

MD5
354de0bec2ea26d754b834aad35f09ae

SHA1
82ec64f512153baa1ee314d8494f9def2b16bed2

SHA256
2eae3b767fe1c00c70a49f07ea1160ee8b679fbe4c300292f49ab284fc8c25f1

SHA512
7e0b1152f1afcfd828eb9da9937f6daea5512f6a05e88809a14037f13e68dcee1b62e13392868f3f11706e159570b44afbd30f94c799aeb82cab962ef4129f9d

Download Submit
C:\Users\Admin\AppData\Local\Temp\dc00049659395111a4e018ccb6f0890b8ec77f42d6de7b573652cae7c2ef5f19.exepack.tmp

Filesize
2KB

MD5
85e64a776bac67f60153f0d73da9b19f

SHA1
db0e1abece6410f08435bd6404ad3158e4ef03d8

SHA256
25c7542111347e9f6e8c7b72e9174edf11d7446eaa1cb258c5b8638e6c8fe4f6

SHA512
d98d70e220481117d848b0efb690515c79dcfca6b88121f2e36285b2a7968ebc1b6021466ced3770d366b3beb734600378e76a6b62b75f193a7e1d08ac4c3305

Download Submit
memory/4688-6-0x00000000021D0000-0x00000000021D3000-memory.dmp

Filesize
12KB

Download
memory/4688-0-0x0000000000400000-0x0000000001EFE000-memory.dmp

Filesize
27.0MB

Download
memory/4688-8-0x0000000050000000-0x0000000050109000-memory.dmp

Filesize
1.0MB

Download
memory/4688-5-0x0000000000400000-0x0000000001EFE000-memory.dmp

Filesize
27.0MB

Download
memory/4688-2-0x0000000000400000-0x0000000001EFE000-memory.dmp

Filesize
27.0MB

Download
memory/4688-1-0x00000000021D0000-0x00000000021D3000-memory.dmp

Filesize
12KB

Download
memory/4688-342-0x0000000000400000-0x0000000001EFE000-memory.dmp

Filesize
27.0MB

Download
memory/4688-343-0x0000000000400000-0x0000000001EFE000-memory.dmp

Filesize
27.0MB

Download
memory/4688-344-0x0000000000400000-0x0000000001EFE000-memory.dmp

Filesize
27.0MB

Download
memory/4688-345-0x0000000050000000-0x0000000050109000-memory.dmp

Filesize
1.0MB

Download
memory/4688-346-0x0000000000400000-0x0000000001EFE000-memory.dmp

Filesize
27.0MB

Download
memory/4688-349-0x0000000000400000-0x0000000001EFE000-memory.dmp

Filesize
27.0MB

Download
memory/4688-353-0x0000000000400000-0x0000000001EFE000-memory.dmp

Filesize
27.0MB

Download