Analysis
  max time kernel: 7s
  max time network: 150s
  platform: windows10-2004_x64
  resource: win10v2004-20231215-en
  resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  submitted: 22/12/2023, 14:18
Behavioral task: behavioral1
  Sample: bdd57c5bc1d09ce3233cfd1235caf6fe.exe
  Resource: win7-20231215-en
  4 signatures, 150 seconds

Behavioral task: behavioral2
  Sample: bdd57c5bc1d09ce3233cfd1235caf6fe.exe
  Resource: win10v2004-20231215-en
  4 signatures, 150 seconds
General
  Target: bdd57c5bc1d09ce3233cfd1235caf6fe.exe
  Size: 15.1MB
  MD5: bdd57c5bc1d09ce3233cfd1235caf6fe
  SHA1: bed5c4af43fd6debc52db46a7d2e211aba222ead
  SHA256: 9980afa20df81f73050e117ae29d44b50dfab0a78c1095667f8e70b5757e2f1a
  SHA512: d77c76ad3e1eac9ffb700d33c1329e33b2e4efb98de479402f054aa1af4725b6a43ef432c37e7eb6b9652953f6b2c870327521a4a366b8b582755d15a85534c8
  SSDEEP: 393216:RZbmmadZ/9Ozkz6EpEM2Sm8sls3L7ZJiMk7AxO:mZ/sApEhSzjiMpM
  Score: 7/10
Malware Config
Signatures
yara_rule matches (resource / rule)
  behavioral2/memory/4496-0-0x0000000000400000-0x000000000155E000-memory.dmp  vmprotect
  behavioral2/memory/4496-1-0x0000000000400000-0x000000000155E000-memory.dmp  vmprotect
  behavioral2/memory/4496-6-0x0000000000400000-0x000000000155E000-memory.dmp  vmprotect
Enumerates connected drives 3 TTPs 24 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
description / ioc / Process
  File opened (read-only)  \??\V:  bdd57c5bc1d09ce3233cfd1235caf6fe.exe
  File opened (read-only)  \??\A:  bdd57c5bc1d09ce3233cfd1235caf6fe.exe
  File opened (read-only)  \??\K:  bdd57c5bc1d09ce3233cfd1235caf6fe.exe
  File opened (read-only)  \??\N:  bdd57c5bc1d09ce3233cfd1235caf6fe.exe
  File opened (read-only)  \??\O:  bdd57c5bc1d09ce3233cfd1235caf6fe.exe
  File opened (read-only)  \??\P:  bdd57c5bc1d09ce3233cfd1235caf6fe.exe
  File opened (read-only)  \??\R:  bdd57c5bc1d09ce3233cfd1235caf6fe.exe
  File opened (read-only)  \??\U:  bdd57c5bc1d09ce3233cfd1235caf6fe.exe
  File opened (read-only)  \??\W:  bdd57c5bc1d09ce3233cfd1235caf6fe.exe
  File opened (read-only)  \??\X:  bdd57c5bc1d09ce3233cfd1235caf6fe.exe
  File opened (read-only)  \??\B:  bdd57c5bc1d09ce3233cfd1235caf6fe.exe
  File opened (read-only)  \??\H:  bdd57c5bc1d09ce3233cfd1235caf6fe.exe
  File opened (read-only)  \??\Z:  bdd57c5bc1d09ce3233cfd1235caf6fe.exe
  File opened (read-only)  \??\E:  bdd57c5bc1d09ce3233cfd1235caf6fe.exe
  File opened (read-only)  \??\G:  bdd57c5bc1d09ce3233cfd1235caf6fe.exe
  File opened (read-only)  \??\I:  bdd57c5bc1d09ce3233cfd1235caf6fe.exe
  File opened (read-only)  \??\J:  bdd57c5bc1d09ce3233cfd1235caf6fe.exe
  File opened (read-only)  \??\L:  bdd57c5bc1d09ce3233cfd1235caf6fe.exe
  File opened (read-only)  \??\M:  bdd57c5bc1d09ce3233cfd1235caf6fe.exe
  File opened (read-only)  \??\Y:  bdd57c5bc1d09ce3233cfd1235caf6fe.exe
  File opened (read-only)  \??\Q:  bdd57c5bc1d09ce3233cfd1235caf6fe.exe
  File opened (read-only)  \??\S:  bdd57c5bc1d09ce3233cfd1235caf6fe.exe
  File opened (read-only)  \??\T:  bdd57c5bc1d09ce3233cfd1235caf6fe.exe
  File opened (read-only)  \??\a:  bdd57c5bc1d09ce3233cfd1235caf6fe.exe
Suspicious behavior: EnumeratesProcesses 2 IoCs
pid / Process
  4496  bdd57c5bc1d09ce3233cfd1235caf6fe.exe
  4496  bdd57c5bc1d09ce3233cfd1235caf6fe.exe
Suspicious use of SetWindowsHookEx 2 IoCs
pid / Process
  4496  bdd57c5bc1d09ce3233cfd1235caf6fe.exe
  4496  bdd57c5bc1d09ce3233cfd1235caf6fe.exe