7d62e6eaaa0ee3f41d6da8a9a106c598843185ce7339b08346b1a820efd13256

Analysis

max time kernel
117s
max time network
121s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
31-10-2023 04:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7d62e6eaaa0ee3f41d6da8a9a106c598843185ce7339b08346b1a820efd13256.exe
Size

7.5MB
MD5

ce713de713f91cfba070eb7292ca7640
SHA1

2702321956cde882f61dea49c1ff78ce129b6d5a
SHA256

7d62e6eaaa0ee3f41d6da8a9a106c598843185ce7339b08346b1a820efd13256
SHA512

b11671d950de6284be9c68ad9b4fd9e17821f2a9b96c6abf6cbc7540d7cc5295fe6289e167b42e514cff369081b2868fdde7a2348e7cc35ce6bddb14978c8b95
SSDEEP

196608:GkPNZZ+fu73MuYu2ulcuxuuuQuZuxuFubuquhu0u5uNuLyuDs1uJuIuFuDu7uMuq:lwCIMPA3D

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2448	7d62e6eaaa0ee3f41d6da8a9a106c598843185ce7339b08346b1a820efd13256.exe

Suspicious use of FindShellTrayWindow 5 IoCs

pid	Process
2448	7d62e6eaaa0ee3f41d6da8a9a106c598843185ce7339b08346b1a820efd13256.exe
2448	7d62e6eaaa0ee3f41d6da8a9a106c598843185ce7339b08346b1a820efd13256.exe
2448	7d62e6eaaa0ee3f41d6da8a9a106c598843185ce7339b08346b1a820efd13256.exe
2448	7d62e6eaaa0ee3f41d6da8a9a106c598843185ce7339b08346b1a820efd13256.exe
2448	7d62e6eaaa0ee3f41d6da8a9a106c598843185ce7339b08346b1a820efd13256.exe

Suspicious use of SendNotifyMessage 4 IoCs

pid	Process
2448	7d62e6eaaa0ee3f41d6da8a9a106c598843185ce7339b08346b1a820efd13256.exe
2448	7d62e6eaaa0ee3f41d6da8a9a106c598843185ce7339b08346b1a820efd13256.exe
2448	7d62e6eaaa0ee3f41d6da8a9a106c598843185ce7339b08346b1a820efd13256.exe
2448	7d62e6eaaa0ee3f41d6da8a9a106c598843185ce7339b08346b1a820efd13256.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2448	7d62e6eaaa0ee3f41d6da8a9a106c598843185ce7339b08346b1a820efd13256.exe
2448	7d62e6eaaa0ee3f41d6da8a9a106c598843185ce7339b08346b1a820efd13256.exe

C:\Users\Admin\AppData\Local\Temp\7d62e6eaaa0ee3f41d6da8a9a106c598843185ce7339b08346b1a820efd13256.exe
"C:\Users\Admin\AppData\Local\Temp\7d62e6eaaa0ee3f41d6da8a9a106c598843185ce7339b08346b1a820efd13256.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:2448

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads