1cf6d96af56591c274d95117ae6a7bdf13628a4a24043b9706d2b464c478837f

Analysis

max time kernel
144s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
14/11/2023, 06:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1cf6d96af56591c274d95117ae6a7bdf13628a4a24043b9706d2b464c478837f.exe
Size

13.0MB
MD5

be708a9caf3d68bff3aef8cc2631a1d7
SHA1

e8569f784c0ece85731c8d095684fadef93a3051
SHA256

1cf6d96af56591c274d95117ae6a7bdf13628a4a24043b9706d2b464c478837f
SHA512

b4a2bdac4978901cc7991f08b1238256ef38bcaadea629093a6578eebce7683b48c9fab5d14b2d2439621e07170af3865ed6ac144788567194f1e616b07f65a1
SSDEEP

393216:yCTKLmknTYN6HDJ2EHmzHC8qC+9J9MynG:yC+LKN6jJ2EHm7M9JPG

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2060	1cf6d96af56591c274d95117ae6a7bdf13628a4a24043b9706d2b464c478837f.exe
2060	1cf6d96af56591c274d95117ae6a7bdf13628a4a24043b9706d2b464c478837f.exe
2060	1cf6d96af56591c274d95117ae6a7bdf13628a4a24043b9706d2b464c478837f.exe
2060	1cf6d96af56591c274d95117ae6a7bdf13628a4a24043b9706d2b464c478837f.exe
2060	1cf6d96af56591c274d95117ae6a7bdf13628a4a24043b9706d2b464c478837f.exe
2060	1cf6d96af56591c274d95117ae6a7bdf13628a4a24043b9706d2b464c478837f.exe
2060	1cf6d96af56591c274d95117ae6a7bdf13628a4a24043b9706d2b464c478837f.exe
2060	1cf6d96af56591c274d95117ae6a7bdf13628a4a24043b9706d2b464c478837f.exe
2060	1cf6d96af56591c274d95117ae6a7bdf13628a4a24043b9706d2b464c478837f.exe
2060	1cf6d96af56591c274d95117ae6a7bdf13628a4a24043b9706d2b464c478837f.exe
2060	1cf6d96af56591c274d95117ae6a7bdf13628a4a24043b9706d2b464c478837f.exe
2060	1cf6d96af56591c274d95117ae6a7bdf13628a4a24043b9706d2b464c478837f.exe
2060	1cf6d96af56591c274d95117ae6a7bdf13628a4a24043b9706d2b464c478837f.exe
2060	1cf6d96af56591c274d95117ae6a7bdf13628a4a24043b9706d2b464c478837f.exe
2060	1cf6d96af56591c274d95117ae6a7bdf13628a4a24043b9706d2b464c478837f.exe
2060	1cf6d96af56591c274d95117ae6a7bdf13628a4a24043b9706d2b464c478837f.exe
2060	1cf6d96af56591c274d95117ae6a7bdf13628a4a24043b9706d2b464c478837f.exe
2060	1cf6d96af56591c274d95117ae6a7bdf13628a4a24043b9706d2b464c478837f.exe
2060	1cf6d96af56591c274d95117ae6a7bdf13628a4a24043b9706d2b464c478837f.exe
2060	1cf6d96af56591c274d95117ae6a7bdf13628a4a24043b9706d2b464c478837f.exe
2060	1cf6d96af56591c274d95117ae6a7bdf13628a4a24043b9706d2b464c478837f.exe
2060	1cf6d96af56591c274d95117ae6a7bdf13628a4a24043b9706d2b464c478837f.exe
2060	1cf6d96af56591c274d95117ae6a7bdf13628a4a24043b9706d2b464c478837f.exe
2060	1cf6d96af56591c274d95117ae6a7bdf13628a4a24043b9706d2b464c478837f.exe
2060	1cf6d96af56591c274d95117ae6a7bdf13628a4a24043b9706d2b464c478837f.exe
2060	1cf6d96af56591c274d95117ae6a7bdf13628a4a24043b9706d2b464c478837f.exe
2060	1cf6d96af56591c274d95117ae6a7bdf13628a4a24043b9706d2b464c478837f.exe
2060	1cf6d96af56591c274d95117ae6a7bdf13628a4a24043b9706d2b464c478837f.exe
2060	1cf6d96af56591c274d95117ae6a7bdf13628a4a24043b9706d2b464c478837f.exe
2060	1cf6d96af56591c274d95117ae6a7bdf13628a4a24043b9706d2b464c478837f.exe
2060	1cf6d96af56591c274d95117ae6a7bdf13628a4a24043b9706d2b464c478837f.exe
2060	1cf6d96af56591c274d95117ae6a7bdf13628a4a24043b9706d2b464c478837f.exe
2060	1cf6d96af56591c274d95117ae6a7bdf13628a4a24043b9706d2b464c478837f.exe
2060	1cf6d96af56591c274d95117ae6a7bdf13628a4a24043b9706d2b464c478837f.exe
2060	1cf6d96af56591c274d95117ae6a7bdf13628a4a24043b9706d2b464c478837f.exe
2060	1cf6d96af56591c274d95117ae6a7bdf13628a4a24043b9706d2b464c478837f.exe
2060	1cf6d96af56591c274d95117ae6a7bdf13628a4a24043b9706d2b464c478837f.exe
2060	1cf6d96af56591c274d95117ae6a7bdf13628a4a24043b9706d2b464c478837f.exe
2060	1cf6d96af56591c274d95117ae6a7bdf13628a4a24043b9706d2b464c478837f.exe
2060	1cf6d96af56591c274d95117ae6a7bdf13628a4a24043b9706d2b464c478837f.exe
2060	1cf6d96af56591c274d95117ae6a7bdf13628a4a24043b9706d2b464c478837f.exe
2060	1cf6d96af56591c274d95117ae6a7bdf13628a4a24043b9706d2b464c478837f.exe
2060	1cf6d96af56591c274d95117ae6a7bdf13628a4a24043b9706d2b464c478837f.exe
2060	1cf6d96af56591c274d95117ae6a7bdf13628a4a24043b9706d2b464c478837f.exe
2060	1cf6d96af56591c274d95117ae6a7bdf13628a4a24043b9706d2b464c478837f.exe
2060	1cf6d96af56591c274d95117ae6a7bdf13628a4a24043b9706d2b464c478837f.exe
2060	1cf6d96af56591c274d95117ae6a7bdf13628a4a24043b9706d2b464c478837f.exe
2060	1cf6d96af56591c274d95117ae6a7bdf13628a4a24043b9706d2b464c478837f.exe
2060	1cf6d96af56591c274d95117ae6a7bdf13628a4a24043b9706d2b464c478837f.exe
2060	1cf6d96af56591c274d95117ae6a7bdf13628a4a24043b9706d2b464c478837f.exe
2060	1cf6d96af56591c274d95117ae6a7bdf13628a4a24043b9706d2b464c478837f.exe
2060	1cf6d96af56591c274d95117ae6a7bdf13628a4a24043b9706d2b464c478837f.exe
2060	1cf6d96af56591c274d95117ae6a7bdf13628a4a24043b9706d2b464c478837f.exe
2060	1cf6d96af56591c274d95117ae6a7bdf13628a4a24043b9706d2b464c478837f.exe
2060	1cf6d96af56591c274d95117ae6a7bdf13628a4a24043b9706d2b464c478837f.exe
2060	1cf6d96af56591c274d95117ae6a7bdf13628a4a24043b9706d2b464c478837f.exe
2060	1cf6d96af56591c274d95117ae6a7bdf13628a4a24043b9706d2b464c478837f.exe
2060	1cf6d96af56591c274d95117ae6a7bdf13628a4a24043b9706d2b464c478837f.exe
2060	1cf6d96af56591c274d95117ae6a7bdf13628a4a24043b9706d2b464c478837f.exe
2060	1cf6d96af56591c274d95117ae6a7bdf13628a4a24043b9706d2b464c478837f.exe
2060	1cf6d96af56591c274d95117ae6a7bdf13628a4a24043b9706d2b464c478837f.exe
2060	1cf6d96af56591c274d95117ae6a7bdf13628a4a24043b9706d2b464c478837f.exe
2060	1cf6d96af56591c274d95117ae6a7bdf13628a4a24043b9706d2b464c478837f.exe
2060	1cf6d96af56591c274d95117ae6a7bdf13628a4a24043b9706d2b464c478837f.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2060	1cf6d96af56591c274d95117ae6a7bdf13628a4a24043b9706d2b464c478837f.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2060	1cf6d96af56591c274d95117ae6a7bdf13628a4a24043b9706d2b464c478837f.exe
2060	1cf6d96af56591c274d95117ae6a7bdf13628a4a24043b9706d2b464c478837f.exe
2060	1cf6d96af56591c274d95117ae6a7bdf13628a4a24043b9706d2b464c478837f.exe
2060	1cf6d96af56591c274d95117ae6a7bdf13628a4a24043b9706d2b464c478837f.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2060 wrote to memory of 2760	2060	1cf6d96af56591c274d95117ae6a7bdf13628a4a24043b9706d2b464c478837f.exe	93
PID 2060 wrote to memory of 2760	2060	1cf6d96af56591c274d95117ae6a7bdf13628a4a24043b9706d2b464c478837f.exe	93
PID 2060 wrote to memory of 2760	2060	1cf6d96af56591c274d95117ae6a7bdf13628a4a24043b9706d2b464c478837f.exe	93
PID 2060 wrote to memory of 260	2060	1cf6d96af56591c274d95117ae6a7bdf13628a4a24043b9706d2b464c478837f.exe	94
PID 2060 wrote to memory of 260	2060	1cf6d96af56591c274d95117ae6a7bdf13628a4a24043b9706d2b464c478837f.exe	94
PID 2060 wrote to memory of 260	2060	1cf6d96af56591c274d95117ae6a7bdf13628a4a24043b9706d2b464c478837f.exe	94

C:\Users\Admin\AppData\Local\Temp\1cf6d96af56591c274d95117ae6a7bdf13628a4a24043b9706d2b464c478837f.exe
"C:\Users\Admin\AppData\Local\Temp\1cf6d96af56591c274d95117ae6a7bdf13628a4a24043b9706d2b464c478837f.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2060
- C:\Windows\SysWOW64\cmd.exe
  cmd /c del "C:\Users\Admin\AppData\Local\Temp\*6d96af56591c274d95117ae6a7bdf13628a4a24043b9706d2b464c478837f.exe"
  2⤵
  PID:2760
- C:\Windows\SysWOW64\cmd.exe
  cmd /c del "C:\Users\Admin\AppData\Local\Temp\*.dll"
  2⤵
  PID:260

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\1cf6d96af56591c274d95117ae6a7bdf13628a4a24043b9706d2b464c478837f.exepack.tmp

Filesize
2KB

MD5
198801662b23d6ead0c56df759be87be

SHA1
89e5cf42ad790bb2d86f9513f0bd2cfca4a059ce

SHA256
0c052f390772988ee339be963f0d43a2cc46a08e6e3920226f894bb93799075c

SHA512
8e7c489bef833ea3b48e25a1edff0e4777275a610b08cdefb1ddc64c1fe5b1af7711d795f491929db89fefef59a60ec25c7d6825ef1b51d2d98e19b9104f9fdc

Download Submit
C:\Users\Admin\AppData\Local\Temp\507e0d513f64dbd34572dbd274451240.ini

Filesize
2KB

MD5
8e43a7d27e329aefe285120764f09168

SHA1
205115e9b6d120a0bd7620099a7557cd86c3d667

SHA256
563fd96796d456ce6b47095b2b214eb2ea6ac87405ddeeefd8a9b9e7c60a5016

SHA512
c0ffe6734c0e8b17b26598ef8ea992c47df9846396b8f955f58cc84b4a0d440e54899bb4f5270e39dddfbfd87a59798e052208f7489d87b625f187025a635279

Download Submit
C:\Users\Admin\AppData\Local\Temp\507e0d513f64dbd34572dbd274451240A.ini

Filesize
1KB

MD5
279e5c873472e684e6b7f9fa1519368c

SHA1
a2c10ec43cf0af8107facf0c8c84869695954b36

SHA256
2cdc6196ad6475f88a736e75fc9e418ec298072f66603d966b5bb88e927f0500

SHA512
724b360659f588b0cf2fd2bf1717ab193c2efcecdcc2514628e55d2d6a72ba1213796a844e2e0b3760f6602077aa473fd1d252740c6d353b9364143a59b9ca73

Download Submit
C:\Users\Admin\AppData\Local\Temp\D3DX81ab.dll

Filesize
664KB

MD5
96831db43a5e23cd897e2908ad4879f4

SHA1
d2ab0e4f38d5ca00a4b057b05b9c4ae86e50582c

SHA256
00e100a10c3413090951b0e66739d071cf79b8b9337afef5d675874bc68c3f02

SHA512
f4f9ccd6fe1a767160eaa7c0a86db102769211ae89d5da9a3851f75c01deb457ed94d9be366969709d73f21e94df52880f1d72f5ff3bf96f69e0b2c6bd2b017e

Download Submit
memory/2060-5-0x0000000050000000-0x0000000050109000-memory.dmp

Filesize
1.0MB

Download
memory/2060-0-0x0000000000400000-0x0000000001DFD000-memory.dmp

Filesize
26.0MB

Download
memory/2060-2-0x0000000000400000-0x0000000001DFD000-memory.dmp

Filesize
26.0MB

Download
memory/2060-1-0x00000000020D0000-0x00000000020D3000-memory.dmp

Filesize
12KB

Download
memory/2060-444-0x0000000000400000-0x0000000001DFD000-memory.dmp

Filesize
26.0MB

Download
memory/2060-448-0x0000000000400000-0x0000000001DFD000-memory.dmp

Filesize
26.0MB

Download
memory/2060-449-0x00000000020D0000-0x00000000020D3000-memory.dmp

Filesize
12KB

Download
memory/2060-450-0x0000000000400000-0x0000000001DFD000-memory.dmp

Filesize
26.0MB

Download
memory/2060-451-0x0000000050000000-0x0000000050109000-memory.dmp

Filesize
1.0MB

Download
memory/2060-459-0x0000000000400000-0x0000000001DFD000-memory.dmp

Filesize
26.0MB

Download
memory/2060-464-0x0000000000400000-0x0000000001DFD000-memory.dmp

Filesize
26.0MB

Download