Analysis
-
max time kernel
143s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20231025-en -
resource tags
-
submitted
23/11/2023, 12:50
General
-
Target
ClickOnceTest.exe
-
Size
12KB
-
MD5
6527b808f2414e30fff25b5e307a05c5
-
SHA1
0f23a3b3078a4d4cd48256ae372039dfc42192fb
-
SHA256
90d5203692e216438a10f1d810ca3d89a8baadb75d78437b8fbace580c983a82
-
SHA512
66caa9e4045aaeecf581eeefde8bc7e6f9f58dd42fc5457a8db2e01327d1e92d41eb4d3192127e23df3c2f982c6a17a6b39651cd9ca4ce953c2a5b427f352c57
-
SSDEEP
192:s6gqVc6w1DWpHkj23HGPDtyA5K+o/y2sE9jBF0Ny6aLc:7vVk1DGE0ktyAM+o/8E9VF0NytLc
Score
5/10
Malware Config
Signatures
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 1 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 2 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\ClickOnceTest.exe"C:\Users\Admin\AppData\Local\Temp\ClickOnceTest.exe"1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\calc.exe"C:\Windows\System32\calc.exe"2⤵
- Modifies registry class
-
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
24KB
-
Filesize
10.8MB
-
Filesize
10.8MB