Overview

overview

10

Static

static

3

Tracking#I...29.exe

windows7-x64

10

Tracking#I...29.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    159s
  • max time network
    170s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231023-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27-11-2023 17:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Tracking#INV-IV1905-029.exe

  • Size

    681KB

  • MD5

    828636842c69b4e453f5735e77c89d36

  • SHA1

    b1c928ed1f9926fc64cee98be211a5e77c9551b5

  • SHA256

    1d2add4e6e6f86f45aa1a4b75c32e4efbf43bc117cc5b3a3927b4e548cf2732c

  • SHA512

    64b8f4ad28fd005936898e4fc244c8acab8257e04a033459a8b463fb5171a814ab20c7d5933577ef10562b8adba35eb4addd1060d1f18ce5448cfeec32cdfeb8

  • SSDEEP

    12288:OaiOid7BR6wTuHfH7eXkhH2iRr2nILMUrniYqW3WbKLrcPwp9euwjz8lIc2pvBpV:O1OipB+H+yR8VDvW3/cPwL3wj+i5pDmv

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Tracking#INV-IV1905-029.exe
    "C:\Users\Admin\AppData\Local\Temp\Tracking#INV-IV1905-029.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1016

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1016-0-0x0000000075130000-0x00000000758E0000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/1016-1-0x0000000000620000-0x00000000006D0000-memory.dmp

    Filesize

    704KB

    Download

  • memory/1016-2-0x00000000056C0000-0x0000000005C64000-memory.dmp

    Filesize

    5.6MB

    Download

  • memory/1016-3-0x0000000075130000-0x00000000758E0000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/1016-4-0x0000000005060000-0x00000000050F2000-memory.dmp

    Filesize

    584KB

    Download

  • memory/1016-5-0x0000000005480000-0x0000000005490000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1016-6-0x0000000000D00000-0x0000000000D0A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/1016-7-0x0000000005480000-0x0000000005490000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1016-8-0x0000000005360000-0x000000000537A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/1016-9-0x0000000005390000-0x0000000005398000-memory.dmp

    Filesize

    32KB

    Download

  • memory/1016-10-0x0000000000BD0000-0x0000000000BDA000-memory.dmp

    Filesize

    40KB

    Download

  • memory/1016-11-0x0000000006A60000-0x0000000006ADC000-memory.dmp

    Filesize

    496KB

    Download

  • memory/1016-12-0x000000000F670000-0x000000000F70C000-memory.dmp

    Filesize

    624KB

    Download