8dc188992a81fc2e33f8b6f548b737c21327f6c77ff462932a442344a0d61a12

Analysis

max time kernel
142s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
16/10/2023, 13:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8dc188992a81fc2e33f8b6f548b737c21327f6c77ff462932a442344a0d61a12.exe
Size

12.0MB
MD5

789e768c23aa19668aa6a57239420d55
SHA1

a3649cbe458d2d73623bb5dcde31bb1e63131aa1
SHA256

8dc188992a81fc2e33f8b6f548b737c21327f6c77ff462932a442344a0d61a12
SHA512

8f088d6704bcd1d1a5a344248aacc24ec01adf2b123e239f7bf5ced490ff446c986844d7c955d2d4183578554d326baabb0d2454313dffccf88cc42ad618aae0
SSDEEP

393216:N5EY1HKKgBn49vhQnqpDxiCfQR7790LRNNl:vEY1HKKgB4jQnEDxiztSLRNf

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
4528	8dc188992a81fc2e33f8b6f548b737c21327f6c77ff462932a442344a0d61a12.exe
4528	8dc188992a81fc2e33f8b6f548b737c21327f6c77ff462932a442344a0d61a12.exe
4528	8dc188992a81fc2e33f8b6f548b737c21327f6c77ff462932a442344a0d61a12.exe
4528	8dc188992a81fc2e33f8b6f548b737c21327f6c77ff462932a442344a0d61a12.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4528 wrote to memory of 4672	4528	8dc188992a81fc2e33f8b6f548b737c21327f6c77ff462932a442344a0d61a12.exe	85
PID 4528 wrote to memory of 4672	4528	8dc188992a81fc2e33f8b6f548b737c21327f6c77ff462932a442344a0d61a12.exe	85
PID 4528 wrote to memory of 4672	4528	8dc188992a81fc2e33f8b6f548b737c21327f6c77ff462932a442344a0d61a12.exe	85
PID 4528 wrote to memory of 1972	4528	8dc188992a81fc2e33f8b6f548b737c21327f6c77ff462932a442344a0d61a12.exe	86
PID 4528 wrote to memory of 1972	4528	8dc188992a81fc2e33f8b6f548b737c21327f6c77ff462932a442344a0d61a12.exe	86
PID 4528 wrote to memory of 1972	4528	8dc188992a81fc2e33f8b6f548b737c21327f6c77ff462932a442344a0d61a12.exe	86

C:\Users\Admin\AppData\Local\Temp\8dc188992a81fc2e33f8b6f548b737c21327f6c77ff462932a442344a0d61a12.exe
"C:\Users\Admin\AppData\Local\Temp\8dc188992a81fc2e33f8b6f548b737c21327f6c77ff462932a442344a0d61a12.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4528
- C:\Windows\SysWOW64\cmd.exe
  cmd /c del "C:\Users\Admin\AppData\Local\Temp\*188992a81fc2e33f8b6f548b737c21327f6c77ff462932a442344a0d61a12.exe"
  2⤵
  PID:4672
- C:\Windows\SysWOW64\cmd.exe
  cmd /c del "C:\Users\Admin\AppData\Local\Temp\*.dll"
  2⤵
  PID:1972

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7d3000972cde43af584d3352218035fe.ini

Filesize
1KB

MD5
b351db4798ef5ff5aecbd68558d5caed

SHA1
875f717cc0d35edfb8ec20eed9a3ce01732e7ba3

SHA256
72a8a0cc93c747fee43f5998daf82c9f291a519f9a5798efa60507d1d792b300

SHA512
372c4534718afcbe3c0981047ef4eb00a0867a992a6c621bd7416b3b954980a3eb438f8323bfc57f0375d9f8a665031fc052f9002f2148959d88ebfe17645c51

Download Submit
C:\Users\Admin\AppData\Local\Temp\7d3000972cde43af584d3352218035feA.ini

Filesize
1KB

MD5
2f256b74893dcfd095063dbfc9f3e606

SHA1
48a3816ba3713e223973a2ecfe4fc5f9455f4d6f

SHA256
e37a80a2b2a35c77da46372b4d7029cc533bb8d1d3bc454fa4603a3941e4cefc

SHA512
8b2513f6a019b64801d8aba5189dc8f5a65a742b3eb5d4d9fc108722430e5ca60272ed19fd528c2e5c61c9d6df2d8074d312933b8a0404e7fc3779a48eb04a82

Download Submit
C:\Users\Admin\AppData\Local\Temp\8dc188992a81fc2e33f8b6f548b737c21327f6c77ff462932a442344a0d61a12.exepack.tmp

Filesize
2KB

MD5
533b8844e580b331400709c7266d1d52

SHA1
853567d084dc993113a3a40465424f40821fc560

SHA256
1935b285185f40099ae644a1cf15d770509fd9baca2762790cf8518dcc6f79e9

SHA512
3d24472a601f2c3a2bb8312ce979e5d2cfc530dc745718a9741f3a0f29bab05e6abdcde3968cddf21ddf55fd62fa4166542eb8df3b2a0a56ceff28080c5952bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\D3DX81ab.dll

Filesize
664KB

MD5
96831db43a5e23cd897e2908ad4879f4

SHA1
d2ab0e4f38d5ca00a4b057b05b9c4ae86e50582c

SHA256
00e100a10c3413090951b0e66739d071cf79b8b9337afef5d675874bc68c3f02

SHA512
f4f9ccd6fe1a767160eaa7c0a86db102769211ae89d5da9a3851f75c01deb457ed94d9be366969709d73f21e94df52880f1d72f5ff3bf96f69e0b2c6bd2b017e

Download Submit
memory/4528-0-0x0000000000400000-0x0000000001DB6000-memory.dmp

Filesize
25.7MB

Download
memory/4528-1-0x0000000001FF0000-0x0000000001FF3000-memory.dmp

Filesize
12KB

Download
memory/4528-2-0x0000000000400000-0x0000000001DB6000-memory.dmp

Filesize
25.7MB

Download
memory/4528-5-0x0000000050000000-0x0000000050109000-memory.dmp

Filesize
1.0MB

Download
memory/4528-330-0x0000000000400000-0x0000000001DB6000-memory.dmp

Filesize
25.7MB

Download
memory/4528-331-0x0000000001FF0000-0x0000000001FF3000-memory.dmp

Filesize
12KB

Download
memory/4528-332-0x0000000050000000-0x0000000050109000-memory.dmp

Filesize
1.0MB

Download
memory/4528-349-0x0000000000400000-0x0000000001DB6000-memory.dmp

Filesize
25.7MB

Download