68473731ad9a60bc1dae7c168eb3fe7ed68b1ad77d56e86c60ea43cac5c8342c

Analysis

max time kernel
143s
max time network
127s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
05/11/2023, 11:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

68473731ad9a60bc1dae7c168eb3fe7ed68b1ad77d56e86c60ea43cac5c8342c.exe
Size

11.3MB
MD5

94a1182860fa601d748904ad348879cb
SHA1

16d9cdf02c1ad961c980f7a51331db2086b6b470
SHA256

68473731ad9a60bc1dae7c168eb3fe7ed68b1ad77d56e86c60ea43cac5c8342c
SHA512

a59e034a3e1c7b4acae2131eb24c056639e5652c8f3911d96958a98b23315b7462658d12d1903ba5269388c12c9b0e54a44658555922029d3dea4d4e893e2746
SSDEEP

196608:1k/UdJL9EROpo0/ePAViQ66CKs1lfUGAdKU8cOZAA:1kM/pVePAViQWKCAdr877

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3032	68473731ad9a60bc1dae7c168eb3fe7ed68b1ad77d56e86c60ea43cac5c8342c.exe

C:\Users\Admin\AppData\Local\Temp\68473731ad9a60bc1dae7c168eb3fe7ed68b1ad77d56e86c60ea43cac5c8342c.exe
"C:\Users\Admin\AppData\Local\Temp\68473731ad9a60bc1dae7c168eb3fe7ed68b1ad77d56e86c60ea43cac5c8342c.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:3032

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3032-0-0x00000000000F0000-0x00000000000F1000-memory.dmp

Filesize
4KB

Download
memory/3032-1-0x0000000000990000-0x00000000014F9000-memory.dmp

Filesize
11.4MB

Download
memory/3032-2-0x00000000000F0000-0x00000000000F1000-memory.dmp

Filesize
4KB

Download