Analysis
-
max time kernel
4s -
max time network
126s -
platform
windows10-2004_x64 -
resource
win10v2004-20231222-en -
resource tags
-
submitted
24/12/2023, 21:46
General
-
Target
13a2c3eba44d5c15e8e1a519b362e86d.exe
-
Size
298KB
-
MD5
13a2c3eba44d5c15e8e1a519b362e86d
-
SHA1
c48a14effdedfbfd95d4c35771741a02317fc242
-
SHA256
5a1edf05692bf694ebec3300e6e78a0ba22b5df735f8e323b0bb4e59cab4c092
-
SHA512
5e12aab0ec83150125384b29500244248fbafe716715b184a2a95fc1f6c0e2343e1ee574d46aea4e7cd5f5c52f4c10ebf6854a295c0f623a1ae3033c91e651e5
-
SSDEEP
6144:EuIlWqB+ihabs7Ch9KwyF5LeLodp2D1Mmakda0qLqIY1:v6Wq4aaE6KwyF5L0Y2D1PqLk
Malware Config
Signatures
-
Modifies visibility of file extensions in Explorer 2 TTPs 1 IoCs
-
Executes dropped EXE 1 IoCs
-
UPX packed file 19 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Enumerates connected drives 3 TTPs 23 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
AutoIT Executable 12 IoCs
AutoIT scripts compiled to PE executables.
-
Drops file in Windows directory 2 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious behavior: EnumeratesProcesses 8 IoCs
-
Suspicious use of FindShellTrayWindow 14 IoCs
-
Suspicious use of SendNotifyMessage 14 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\13a2c3eba44d5c15e8e1a519b362e86d.exe"C:\Users\Admin\AppData\Local\Temp\13a2c3eba44d5c15e8e1a519b362e86d.exe"1⤵
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Windows\svhost.exeC:\Windows\svhost.exe2⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Enumerates connected drives
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
82B
MD5c2d2dc50dca8a2bfdc8e2d59dfa5796d
SHA17a6150fc53244e28d1bcea437c0c9d276c41ccad
SHA256b2d38b3f122cfcf3cecabf0dfe2ab9c4182416d6961ae43f1eebee489cf3c960
SHA5126cfdd08729de9ee9d1f5d8fcd859144d32ddc0a9e7074202a7d03d3795bdf0027a074a6aa54f451d4166024c134b27c55c7142170e64d979d86c13801f937ce4
-
Filesize
1KB
MD5321cdf6e0de54f3966cc57e81ae6257d
SHA1dde7ed76549da012305b8d2d6a8ee128757970e1
SHA2560bd86d9e60dcc3644ab831526ab1b9d15a6722583adcde7e5c422a633bb4ecf9
SHA5122e4d2beb719dfb9fd0b608c74a8132372f9aed73fdb83e266698d416d25f6e588f79f78363f477405c3532ecc5e9ad448d108b30a5cd1faa8b5ce9a892e9dd24
-
Filesize
29KB
MD511a462ddf096d5a2bf0d5a017656c4dd
SHA182d3355a26bc375c6d9ee6cb7d43f5b156f3da15
SHA25626f93b20c82dc55844b00a271155374bff7963c163ec91aee8e56093a5caba67
SHA5128f583acdf45d6f7f8a76e2a984becdf3ecb33de759c1e60ac05f6089559cd4068bb9202f9b32873606e0dc76d90c42ece80937e0eed31991ee3a62a0383e175a
-
Filesize
15KB
MD52a7faa408a7f8b7a4fd26b2cf33a07cd
SHA149f6b5dc07c6b008729658e912c5556f89ee2524
SHA25657e2b43480ac8f4672cbfd4242da37a1fe56dc93f9a3109e4227fbfd31aa0433
SHA5126201cafec99f256b4bb6e82cf2cfd325c591505c932ae16cbaa4ac47450858fc75a30093e6248010dcf6b78e9f03f2c1e09c0dac36325229e9639d8baba35858
-
Filesize
776KB
-
Filesize
776KB
-
Filesize
776KB
-
Filesize
776KB
-
Filesize
776KB
-
Filesize
776KB
-
Filesize
776KB
-
Filesize
776KB
-
Filesize
776KB
-
Filesize
776KB
-
Filesize
776KB
-
Filesize
776KB
-
Filesize
776KB
-
Filesize
776KB
-
Filesize
776KB
-
Filesize
776KB