59aa094fc703302a689dc0e63dc83e8013ba105c3cb09f0ef50facb0c2225797

Analysis

max time kernel
187s
max time network
200s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
14/10/2023, 08:58

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

59aa094fc703302a689dc0e63dc83e8013ba105c3cb09f0ef50facb0c2225797.exe
Size

15.5MB
MD5

3774d5a84909297137015e7bdb7bea61
SHA1

8d85e7b2c0686877632e9ab059d8301eb9625cd7
SHA256

59aa094fc703302a689dc0e63dc83e8013ba105c3cb09f0ef50facb0c2225797
SHA512

db6a510d10f7cab06f5eb03e76fdbcaebb6eb43e911eae47d321215b3b680ee1cec091c012ab392eee0c7dd598792c38a1a052c8c72d23c0bbd90526694cd989
SSDEEP

393216:Mv8/Bfw/FWrX6lp8LMp+kfr1CN3ZTLUiSHOSK:MvMyRlp8SfoN3Z3d8OL

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1944	59aa094fc703302a689dc0e63dc83e8013ba105c3cb09f0ef50facb0c2225797.exe
1944	59aa094fc703302a689dc0e63dc83e8013ba105c3cb09f0ef50facb0c2225797.exe
1944	59aa094fc703302a689dc0e63dc83e8013ba105c3cb09f0ef50facb0c2225797.exe
1944	59aa094fc703302a689dc0e63dc83e8013ba105c3cb09f0ef50facb0c2225797.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 1944 wrote to memory of 4308	1944	59aa094fc703302a689dc0e63dc83e8013ba105c3cb09f0ef50facb0c2225797.exe	90
PID 1944 wrote to memory of 4308	1944	59aa094fc703302a689dc0e63dc83e8013ba105c3cb09f0ef50facb0c2225797.exe	90
PID 1944 wrote to memory of 4308	1944	59aa094fc703302a689dc0e63dc83e8013ba105c3cb09f0ef50facb0c2225797.exe	90
PID 1944 wrote to memory of 528	1944	59aa094fc703302a689dc0e63dc83e8013ba105c3cb09f0ef50facb0c2225797.exe	91
PID 1944 wrote to memory of 528	1944	59aa094fc703302a689dc0e63dc83e8013ba105c3cb09f0ef50facb0c2225797.exe	91
PID 1944 wrote to memory of 528	1944	59aa094fc703302a689dc0e63dc83e8013ba105c3cb09f0ef50facb0c2225797.exe	91

C:\Users\Admin\AppData\Local\Temp\59aa094fc703302a689dc0e63dc83e8013ba105c3cb09f0ef50facb0c2225797.exe
"C:\Users\Admin\AppData\Local\Temp\59aa094fc703302a689dc0e63dc83e8013ba105c3cb09f0ef50facb0c2225797.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1944
- C:\Windows\SysWOW64\cmd.exe
  cmd /c del "C:\Users\Admin\AppData\Local\Temp\*a094fc703302a689dc0e63dc83e8013ba105c3cb09f0ef50facb0c2225797.exe"
  2⤵
  PID:4308
- C:\Windows\SysWOW64\cmd.exe
  cmd /c del "C:\Users\Admin\AppData\Local\Temp\*.dll"
  2⤵
  PID:528

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\5386407735307b265c057e7e9b2fdb7b.ini

Filesize
1KB

MD5
f41c03911136dc77903a7af094c9bf67

SHA1
084516a3305ce2dbd6064bb277694f8a8e7c0dfd

SHA256
2db96c219365e7c6e392b682cb3ed2ef28c3e3390f102d6a749b9a9179119746

SHA512
12417c77bb174cf00d1277261fec8ff0710ef27693d6d9bf23f1c7c895fa8724f5e3d322e6abbb095796dac2ec94162a6f4337cf7181789d5f3d4ad76133fd13

Download Submit
C:\Users\Admin\AppData\Local\Temp\5386407735307b265c057e7e9b2fdb7bA.ini

Filesize
1KB

MD5
27dd30937e24a164955837b0f2e96266

SHA1
5299e1d37011e769441b5de466afa09305e442ed

SHA256
61ba6f0aa154487b0f71fe285f8144cd2bff773ef1229e637b7d253b8056a98d

SHA512
0f9ce341f5c16c8051e4da84e508aab0890a0544ce1d659b053a6ee729d6ddcf24d90bc21ee7a0947261e8577f2dc39cd6a5b0cade002d773314d310a0fb24c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\59aa094fc703302a689dc0e63dc83e8013ba105c3cb09f0ef50facb0c2225797.exepack.tmp

Filesize
2KB

MD5
e3036213a00f97e95280d881d6528e1a

SHA1
8be5548c6ba929eb9f4e6153a2679a8c2deb5412

SHA256
03b4ff5b7d986bd8460bb50fc42f14c3bcd739030db9f187dc15e621a530edb5

SHA512
0a1e8794e99d53732acb763f07961b22a8e82702b8f0ef3d7aadf960c8d7255db50c27cbcb076996d86d0a548f4b3d20ecbe559eaac8055e9c7b6cc61b509c94

Download Submit
memory/1944-5-0x0000000050000000-0x0000000050109000-memory.dmp

Filesize
1.0MB

Download
memory/1944-6-0x0000000000400000-0x0000000001DD0000-memory.dmp

Filesize
25.8MB

Download
memory/1944-0-0x0000000000400000-0x0000000001DD0000-memory.dmp

Filesize
25.8MB

Download
memory/1944-2-0x0000000000400000-0x0000000001DD0000-memory.dmp

Filesize
25.8MB

Download
memory/1944-1-0x0000000001F80000-0x0000000001F83000-memory.dmp

Filesize
12KB

Download
memory/1944-318-0x0000000001F80000-0x0000000001F83000-memory.dmp

Filesize
12KB

Download
memory/1944-319-0x0000000000400000-0x0000000001DD0000-memory.dmp

Filesize
25.8MB

Download
memory/1944-351-0x0000000000400000-0x0000000001DD0000-memory.dmp

Filesize
25.8MB

Download
memory/1944-369-0x0000000000400000-0x0000000001DD0000-memory.dmp

Filesize
25.8MB

Download
memory/1944-373-0x0000000000400000-0x0000000001DD0000-memory.dmp

Filesize
25.8MB

Download
memory/1944-381-0x0000000000400000-0x0000000001DD0000-memory.dmp

Filesize
25.8MB

Download