Resubmissions
11-11-2023 01:44
231111-b5tg3sdf9y 6Analysis
-
max time kernel
144s -
max time network
158s -
platform
windows10-2004_x64 -
resource
win10v2004-20231020-en -
resource tags
-
submitted
11-11-2023 01:44
General
-
Target
Stormshot.PC.V1.0_4c9ef25b2f.exe
-
Size
2.8MB
-
MD5
6aae47cbaa4c56095a1eb0422c1d2ecb
-
SHA1
34e29d1801d270a2bd7ac02d4ea84c14c553d66f
-
SHA256
ffd63fe2aeaa91f05bef47b3583290ccdba3f44912ab8b67044f3d58bf817ebf
-
SHA512
d6b2406922d2618816db55110bf12a8579b69325e0c196d0d2508bafec68a0430acf48482160bf42cca4bd0995d864abfa2425e8e5af794c8d8d1c430fee4cff
-
SSDEEP
49152:c8ZQVqWu+fqu79LNTRBO1L2VQjJY80KruthaPVu+2zE0y5VCmdAlacRk3Y:vZARtBEqVQq80ThzTzEElask3Y
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\Stormshot.PC.V1.0_4c9ef25b2f.exe"C:\Users\Admin\AppData\Local\Temp\Stormshot.PC.V1.0_4c9ef25b2f.exe"1⤵
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\st_4c9ef25b2f.exeC:\Users\Admin\AppData\Local\Temp\st_4c9ef25b2f.exe2⤵
- Executes dropped EXE
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
52.4MB
MD52dd6593bf8934eebaa3effb889ec03b0
SHA1fc96e4f015156047280d7f99570de6ae81488dda
SHA256d53bea3bfed0739885810c87ad5be9124b93bb90e9b88a1a5b883b48bf7aaaf3
SHA512ac5247777b1743c199167f49166cb52b7a20e0dd7d06abfaae10e02654bbd4b773939ac0c628f86c71aefcbf75501cdc89ed395a491d93d0747e9a8be60fc6c7