Analysis

  • max time kernel
    141s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231020-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04-11-2023 07:06

General

  • Target

    E-FILLING FORM B.exe

  • Size

    2.3MB

  • MD5

    252278969fa0d8c1cc719e73b61a76a4

  • SHA1

    e1c516032393ebc83d5e2e44c72aa8f636ccd0b2

  • SHA256

    617cc50e0428e187c69d94da100ea9d3653a1b557e0cb76ba8a767a919192195

  • SHA512

    a65fef823d9d781909f2d03cf9c647f0ce60d88d5dd8cf56375338f2f3541c38d5e27432347d74f6e5b3eb21788e03ba0ccb75b4ce64c01dd13f3e61e1118b42

  • SSDEEP

    49152:ikWk5cS7a+9XYaQ9Zehc4mTYJ78V9gyBn4c0fmP/SA8N:WajJSZ942KQV9hp4dfmP/SA8

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\E-FILLING FORM B.exe
    "C:\Users\Admin\AppData\Local\Temp\E-FILLING FORM B.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2828
    • C:\Windows\SysWOW64\cmd.exe
      cmd.exe /c C:\Users\Admin\AppData\Local\Temp\
      2⤵
        PID:3648

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads