efa6fe7b395e7192b14b31f1662bc3d1e285f50dcca8445c00efd5862f72a55c

Analysis

max time kernel
142s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
24/10/2023, 09:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

efa6fe7b395e7192b14b31f1662bc3d1e285f50dcca8445c00efd5862f72a55c.exe
Size

14.4MB
MD5

a24fe158c97121e1a5e3aa9e022e1e50
SHA1

747e4db53d3a8dd72eb5919af757b39197eacc4e
SHA256

efa6fe7b395e7192b14b31f1662bc3d1e285f50dcca8445c00efd5862f72a55c
SHA512

bd11afd8cc5e70831053033fbbf718dfdb6bf270bb7b591829ecd3a9a75a01a889f2fe0cb4f7b866826085e15d2b510a0bfaae2e96f411f584921d9ffbfcccaa
SSDEEP

393216:eIFU1FDIwE/19AUlR1JOFgt9yYk7MuVA417xjiBH7VP5:9U1FDIH19AUlZOcyYX+xj85P5

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1488	efa6fe7b395e7192b14b31f1662bc3d1e285f50dcca8445c00efd5862f72a55c.exe
1488	efa6fe7b395e7192b14b31f1662bc3d1e285f50dcca8445c00efd5862f72a55c.exe
1488	efa6fe7b395e7192b14b31f1662bc3d1e285f50dcca8445c00efd5862f72a55c.exe
1488	efa6fe7b395e7192b14b31f1662bc3d1e285f50dcca8445c00efd5862f72a55c.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 1488 wrote to memory of 4956	1488	efa6fe7b395e7192b14b31f1662bc3d1e285f50dcca8445c00efd5862f72a55c.exe	90
PID 1488 wrote to memory of 4956	1488	efa6fe7b395e7192b14b31f1662bc3d1e285f50dcca8445c00efd5862f72a55c.exe	90
PID 1488 wrote to memory of 4956	1488	efa6fe7b395e7192b14b31f1662bc3d1e285f50dcca8445c00efd5862f72a55c.exe	90
PID 1488 wrote to memory of 1736	1488	efa6fe7b395e7192b14b31f1662bc3d1e285f50dcca8445c00efd5862f72a55c.exe	91
PID 1488 wrote to memory of 1736	1488	efa6fe7b395e7192b14b31f1662bc3d1e285f50dcca8445c00efd5862f72a55c.exe	91
PID 1488 wrote to memory of 1736	1488	efa6fe7b395e7192b14b31f1662bc3d1e285f50dcca8445c00efd5862f72a55c.exe	91

C:\Users\Admin\AppData\Local\Temp\efa6fe7b395e7192b14b31f1662bc3d1e285f50dcca8445c00efd5862f72a55c.exe
"C:\Users\Admin\AppData\Local\Temp\efa6fe7b395e7192b14b31f1662bc3d1e285f50dcca8445c00efd5862f72a55c.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1488
- C:\Windows\SysWOW64\cmd.exe
  cmd /c del "C:\Users\Admin\AppData\Local\Temp\*6fe7b395e7192b14b31f1662bc3d1e285f50dcca8445c00efd5862f72a55c.exe"
  2⤵
  PID:4956
- C:\Windows\SysWOW64\cmd.exe
  cmd /c del "C:\Users\Admin\AppData\Local\Temp\*.dll"
  2⤵
  PID:1736

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\00f91f2c454bd791745e0afa4f99433b.ini

Filesize
1KB

MD5
052d3972eaf292440267682e2c6372c8

SHA1
f24b8eaa508e75e44c8ad679300b6575cb986f2b

SHA256
4984280971cad5079fa6f9c47193c064f839de5d1bf0f28e3065736a504f5dc8

SHA512
682171ba5d32aec2369600ca9d9316caccc043e32315d9a1543e8ecb1b82bdb981abcf52a5860e81226a981b8f5d06db6e4f0dc4142997c590701b0d6b995cf1

Download Submit
C:\Users\Admin\AppData\Local\Temp\00f91f2c454bd791745e0afa4f99433bA.ini

Filesize
1KB

MD5
3b35a28b7131fdf5fae9002e8d3b4b27

SHA1
80d53fc208fbb942ce0b7628e5cf5474ddb0560a

SHA256
7870659ad928686d0746de2076368b813ecf190898cafc5737e9ed32ce318d0d

SHA512
dbffe166541fc14bda8bbb974c797339ea195cd4d0c719eab4db715a685c29b703053f76b562876a1e29848391aae2a48d4995a32f5e90d431b0421c887a93e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\efa6fe7b395e7192b14b31f1662bc3d1e285f50dcca8445c00efd5862f72a55c.exepack.tmp

Filesize
2KB

MD5
32ffb4f155494b287bb7eb6572bc619e

SHA1
989762b22c7496d70062aa521c92708a3c818948

SHA256
01b39759b9ea69f86645761f2fae2ca8d395e83c34c4ebe2fa360659487ce067

SHA512
9e4ca3fd77a3083224378d4d400ab0d7095e7b641d6d76604c4aee971d9ea6c01079e4c47844badf9f871aee9a38f7d037d4734087acb249bb0ec8bd1339387e

Download Submit
memory/1488-0-0x0000000000400000-0x0000000001DCB000-memory.dmp

Filesize
25.8MB

Download
memory/1488-1-0x0000000002080000-0x0000000002083000-memory.dmp

Filesize
12KB

Download
memory/1488-2-0x0000000000400000-0x0000000001DCB000-memory.dmp

Filesize
25.8MB

Download
memory/1488-5-0x0000000050000000-0x0000000050109000-memory.dmp

Filesize
1.0MB

Download
memory/1488-337-0x0000000000400000-0x0000000001DCB000-memory.dmp

Filesize
25.8MB

Download
memory/1488-341-0x0000000002080000-0x0000000002083000-memory.dmp

Filesize
12KB

Download
memory/1488-343-0x0000000050000000-0x0000000050109000-memory.dmp

Filesize
1.0MB

Download
memory/1488-345-0x0000000000400000-0x0000000001DCB000-memory.dmp

Filesize
25.8MB

Download