e67bccb49dc072ad198e6189fa720f4faf10dea63055bab1c27bc9cf8a6cd102

Analysis

max time kernel
148s
max time network
77s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
24/12/2023, 22:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

14bf0b7251dcb9faf1871754a707acc1.exe
Size

357KB
MD5

14bf0b7251dcb9faf1871754a707acc1
SHA1

44f5d5cf8a54de5d7eca6209d22302f1cae7952e
SHA256

e67bccb49dc072ad198e6189fa720f4faf10dea63055bab1c27bc9cf8a6cd102
SHA512

6225952e61f18196a4bed6e9f4addbaa441f2c98d6c16a169e5363ef5110d2ebeb2e05697c6eb7a6a09416daa39d7dd00a0a22b41ee1bda8e1bfa376b8b28b24
SSDEEP

6144:Q8yZw0EMTNHw7Ip+rKUEqpjyfe03qJf1zw4T/+8zXTfwcDKl+oSU1:ZZ0btw6+rK5qkfe03j4j+cD4choSk

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2232-0-0x0000000000400000-0x000000000050A000-memory.dmp	upx
behavioral2/memory/2232-12-0x0000000000400000-0x000000000050A000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2232	14bf0b7251dcb9faf1871754a707acc1.exe
2232	14bf0b7251dcb9faf1871754a707acc1.exe

C:\Users\Admin\AppData\Local\Temp\14bf0b7251dcb9faf1871754a707acc1.exe
"C:\Users\Admin\AppData\Local\Temp\14bf0b7251dcb9faf1871754a707acc1.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:2232

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\GetRightToGo\14bf0b7251dcb9faf1871754a707acc1.data0

Filesize
1KB

MD5
b491d8c0f8894645233581fbe8cd8dd5

SHA1
cb6a0a2a064c75f8c7f40be010069dbd81e53d85

SHA256
bd6b03f7592c5d8877317bb4db0d53b3008d8fce0e423cd53c58bd1691cc163a

SHA512
23ad017b8ef67176f481fb38c86880d74e3b1bc055d6812a04239f6f391130d781530ebb8d3ae4ef2f3cc7ad5a3fae76d63c03c7a638532e8ba90dba5cc22096

Download Submit
memory/2232-0-0x0000000000400000-0x000000000050A000-memory.dmp

Filesize
1.0MB

Download
memory/2232-12-0x0000000000400000-0x000000000050A000-memory.dmp

Filesize
1.0MB

Download