78b32e460110a705cecd4f833a5b1e22740a55aec348cee74ca52a13a0be60a9

Analysis

max time kernel
119s
max time network
133s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
24/10/2023, 05:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

78b32e460110a705cecd4f833a5b1e22740a55aec348cee74ca52a13a0be60a9.exe
Size

2.1MB
MD5

91a57235cf055df37066461f279c76d0
SHA1

bd6fea70b5c7916475d7f3c53854bf6c3df224d4
SHA256

78b32e460110a705cecd4f833a5b1e22740a55aec348cee74ca52a13a0be60a9
SHA512

46b756738a34af0712e8740cb2d5fb9ca37a3e2f3cc0c5f99f1f3d9bb6c4fbba3c76c5d88a57abe7450395801ff47028f17e75da960ffb2f7265eacee80a84dd
SSDEEP

49152:F9Wr2OIWdN7zIT0VIBOIJd+wsVLiOMcVIAfjj25:mIWdN7u0k9b+wsVLiO9VIb5

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
2516	78b32e460110a705cecd4f833a5b1e22740a55aec348cee74ca52a13a0be60a9.exe
2516	78b32e460110a705cecd4f833a5b1e22740a55aec348cee74ca52a13a0be60a9.exe
2516	78b32e460110a705cecd4f833a5b1e22740a55aec348cee74ca52a13a0be60a9.exe
2516	78b32e460110a705cecd4f833a5b1e22740a55aec348cee74ca52a13a0be60a9.exe

Suspicious use of SendNotifyMessage 4 IoCs

pid	Process
2516	78b32e460110a705cecd4f833a5b1e22740a55aec348cee74ca52a13a0be60a9.exe
2516	78b32e460110a705cecd4f833a5b1e22740a55aec348cee74ca52a13a0be60a9.exe
2516	78b32e460110a705cecd4f833a5b1e22740a55aec348cee74ca52a13a0be60a9.exe
2516	78b32e460110a705cecd4f833a5b1e22740a55aec348cee74ca52a13a0be60a9.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2516	78b32e460110a705cecd4f833a5b1e22740a55aec348cee74ca52a13a0be60a9.exe
2516	78b32e460110a705cecd4f833a5b1e22740a55aec348cee74ca52a13a0be60a9.exe

C:\Users\Admin\AppData\Local\Temp\78b32e460110a705cecd4f833a5b1e22740a55aec348cee74ca52a13a0be60a9.exe
"C:\Users\Admin\AppData\Local\Temp\78b32e460110a705cecd4f833a5b1e22740a55aec348cee74ca52a13a0be60a9.exe"
1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:2516

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\SettingFiles\Settings\Image\Exit.bmp

Filesize
822B

MD5
d64ed239f9acbc6082d8a6933fa3684c

SHA1
3388aa8ac29ac733cf9d2d744411c6b2e0aede33

SHA256
b002f6e879c13b598096fb413d2f752902ded8c2c875d17dff15ce6cfb3252ee

SHA512
32b8b8dd3e88383f2205fb9aec62249d144841b56e32ad3c2c09a76d3161d19506c8dea9d384b47f080cf61566b8572515a795e3b6804787b90aa985481539cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\SettingFiles\Settings\Image\Exit_mo.bmp

Filesize
822B

MD5
843f7131f863e3ae0f59b0ae6eeb3653

SHA1
40d71cc5fc97e1464d285f20a719fb1205c5d6fa

SHA256
68d888f8b86e9ac53a23064182466cffd185db5aba9d86f0f38ca5192fe07004

SHA512
af905620ff0db00983680f9972680ee55fa8ec34fc97caf317b6a98cab46468b0653e0bfcf184474413f477873198427d13a38ec9c88c485c33ccf9b956df9ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\SettingFiles\Settings\Image\background.bmp

Filesize
498KB

MD5
2b4ee05531aa8ee79a743d35f652e4bf

SHA1
b040ee072b59318ff10aa896910b1bbead32c631

SHA256
78c143997eab801db27ae1b4e9cd0c4223c4427e2647565f44bc9ca54949a1d2

SHA512
c95a57fff548dd41cd08d59f4184e76a5d9f7d6a62aad0b625e03ab3331064c512364ad90cb9bedb8c8573152c2536232e10ad5da025d9486047c52c0f11b177

Download Submit
C:\Users\Admin\AppData\Local\Temp\SettingFiles\Settings\Image\start.bmp

Filesize
22KB

MD5
67e40d1afb1d384ef00e845c9947bc76

SHA1
dc43b215fc550f045165cc6e63a8d615b82c6054

SHA256
d7352834586d7c48d55e9dd6b4959f305670ad3027c90cb000ca4780aee48dfb

SHA512
1356328fbf2680090b2ebe76941ed942fb92f497014a383d79e7c37809a26b3e5523720297c39fdac2176e7f0151f3becb1e5138352ca8d11478dd8b19b07271

Download Submit
C:\Users\Admin\AppData\Local\Temp\SettingFiles\Settings\Image\start_d.bmp

Filesize
22KB

MD5
0c99c557f952341b7569a12f3e083070

SHA1
956d823d435ccebfd63359389f2dbb0314ab092e

SHA256
ccc93644dbd5f513238532b204e3c800349871e10a84da52db42d4554162804f

SHA512
bf9d5d39415fe5820ecb64b678c92f629f088a3dac31bb35ecf8b3135656440cb1057c7c5dc8fdc2cd8ed6f2ae450a5a298d05c23b10d7fecae1ba9efe318e9a

Download Submit
C:\Users\Admin\AppData\Local\Temp\SettingFiles\Settings\Image\start_mo.bmp

Filesize
22KB

MD5
d896e3a87a54e66b2679bed35938e629

SHA1
349f770312113006ee761289f47ea032b05c6f74

SHA256
dabf1dce4f0c3fe19e848d2d08a93f4765bf6d895b4be4b61cc280eb68da470e

SHA512
b712df9aaed1a27a9a6e509d7216530fc3594b6de9a0319bd4c9f52e674d7ba978894ff9537a02ccdec3e1d9887628a99f2bbae9145464df9d653e3ed43fc657

Download Submit
C:\Users\Admin\AppData\Local\Temp\SettingFiles\Settings\UISettings.ini

Filesize
3KB

MD5
109825420ede9360acca11991178a2c5

SHA1
629527ca6da8ff059e198d2a397c20e78b9816bd

SHA256
84b7da40afa471c9ab181fe343679799a4f292698d8e9867db9130327b5d63b2

SHA512
ad01d4fa0a94a3c7cfc304b35a81068da6b56f51a7d4d1954a8e41f993ef67c11a21b9a7fc438fd7d6b39e769c20e8ba8695b370a04d84079b5638067cc52434

Download Submit