26fd5375ca64fcf462bb007470b07d5b0eeedb8a2e73378b73f83a9cc36b2d35

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
24-12-2023 16:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

05878208ae90f49fd582493160373107.exe
Size

1.4MB
MD5

05878208ae90f49fd582493160373107
SHA1

092fb9aa1839d6b8337198c7fafd1e3b3c590f86
SHA256

26fd5375ca64fcf462bb007470b07d5b0eeedb8a2e73378b73f83a9cc36b2d35
SHA512

bbd480a283cc7c4e3f3e2d6efb56623637d019bce3ed1c8824b3f0aa9bcaba6f0fed3bf20e0ddef37416b70da5d5191c0ea9e5bbe48ad9fa7891937869fd305d
SSDEEP

24576:OyznK9/GaC9gEar13p/IqNsmdlWSZcbx9Y6mvCCDCiae1tN9WWt7x2Nzs:Oyrs/1CmEe3pwismobUcUh1tN92s

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1416	05878208ae90f49fd582493160373107.exe
1416	05878208ae90f49fd582493160373107.exe

C:\Users\Admin\AppData\Local\Temp\05878208ae90f49fd582493160373107.exe
"C:\Users\Admin\AppData\Local\Temp\05878208ae90f49fd582493160373107.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:1416

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1416-0-0x0000000000320000-0x0000000000321000-memory.dmp

Filesize
4KB

Download
memory/1416-1-0x0000000000320000-0x0000000000321000-memory.dmp

Filesize
4KB

Download