154d92661bdeaa6d0c27b1449e634138bf05adb6846fccbea7ab66f3cbde53e4

Analysis

max time kernel
0s
max time network
113s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
24-12-2023 16:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

06f33a5c4148d806ef8c0d8d45b5a62f.exe
Size

288KB
MD5

06f33a5c4148d806ef8c0d8d45b5a62f
SHA1

18ae4bceaeb6b467d457290d9c61180066ff300a
SHA256

154d92661bdeaa6d0c27b1449e634138bf05adb6846fccbea7ab66f3cbde53e4
SHA512

9597d4ffda0f82190937b6695d1c642c0206506177098c38cacb12f703ddb670e9c1ad9e44fad8b2bbae20d08ec6b62b30562fdbde89f36be1b0945beb565f0c
SSDEEP

6144:2c4Ub8G98n0021valv5ewibh8HOlxHUbx1LqrJQ:2c2GS0021vUv8oOlNUv2rJ

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\06f33a5c4148d806ef8c0d8d45b5a62f.exe
"C:\Users\Admin\AppData\Local\Temp\06f33a5c4148d806ef8c0d8d45b5a62f.exe"
1⤵
PID:1996
- C:\Users\Admin\AppData\Local\Temp\n8317\ins8317.exe
  "C:\Users\Admin\AppData\Local\Temp\n8317\ins8317.exe" ins.exe /t530a1b0c3fb87 /e12236294 /u17dced38-7f70-11e3-8a58-80c16e6f498c
  2⤵
  PID:5044

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\n8317\ins8317.exe

Filesize
265KB

MD5
4c24a9e76a700931ae23e212519593c3

SHA1
d738435c7d5d98223462e6b4dd97e1081f911e97

SHA256
75912abe46cabda79f285ba2b0d70c8aa31eae564886d2f483f3e325379b67fb

SHA512
d48038bdd5e06761c45b711cf7dff1c5b6e56e5cbc230041fb16e1f3418235809008ea3545375e02b48b0cca1857348ea23fd4fd35165e72df9a9956b225f12f

Download Submit
C:\Users\Admin\AppData\Local\Temp\n8317\ins8317.exe

Filesize
5KB

MD5
6e277cdfdac23fcd59a3d627b8a6a78f

SHA1
fac04b6e7c8dd60461112ce083ad3c555d903a40

SHA256
fb29a4ba8bcfb348be3ad2ef7ff7a1661cf2d3cabb76cb04f907a8f41eed2d6d

SHA512
983f8dbbdd7c9f8887c6e07ac12e3bbdfdbe8dcadba5f3dc558a246d532299a29b2c31a94aba39bda94c7d6a17343e0834f8225b049902a8da8fc660b8a4b28e

Download Submit
C:\Users\Admin\AppData\Local\Temp\n8317\ins8317.exe

Filesize
144KB

MD5
78534d11ec69c8805e93eedc2dd5f839

SHA1
def5393c10b4f78b3ca06e80d6a33281d110dc2f

SHA256
56c77bc09329c337a42dd9353692c652f9794b5ecc2ed0101416a6a6c4418757

SHA512
ff9b038f4d873430c9a5721f12530d098047fb93a8adff465d68c241a111a4125f0af69b2e2e53c9a6d727218f50d152f1e194be60834be0282a59d9ca7f71d6

Download Submit
memory/5044-20-0x0000000000F60000-0x0000000000F70000-memory.dmp

Filesize
64KB

Download
memory/5044-21-0x0000000000F60000-0x0000000000F70000-memory.dmp

Filesize
64KB

Download
memory/5044-13-0x0000000000F30000-0x0000000000F3A000-memory.dmp

Filesize
40KB

Download
memory/5044-14-0x00007FFE27530000-0x00007FFE27ED1000-memory.dmp

Filesize
9.6MB

Download
memory/5044-18-0x000000001C330000-0x000000001C3CC000-memory.dmp

Filesize
624KB

Download
memory/5044-17-0x000000001BE60000-0x000000001C32E000-memory.dmp

Filesize
4.8MB

Download
memory/5044-19-0x0000000000F10000-0x0000000000F18000-memory.dmp

Filesize
32KB

Download
memory/5044-12-0x0000000000F60000-0x0000000000F70000-memory.dmp

Filesize
64KB

Download
memory/5044-22-0x0000000000F60000-0x0000000000F70000-memory.dmp

Filesize
64KB

Download
memory/5044-11-0x00007FFE27530000-0x00007FFE27ED1000-memory.dmp

Filesize
9.6MB

Download
memory/5044-24-0x0000000000F60000-0x0000000000F70000-memory.dmp

Filesize
64KB

Download
memory/5044-23-0x0000000000F60000-0x0000000000F70000-memory.dmp

Filesize
64KB

Download
memory/5044-25-0x000000001D570000-0x000000001D5D2000-memory.dmp

Filesize
392KB

Download
memory/5044-26-0x0000000020110000-0x000000002024C000-memory.dmp

Filesize
1.2MB

Download
memory/5044-27-0x0000000020760000-0x0000000020C6E000-memory.dmp

Filesize
5.1MB

Download
memory/5044-28-0x0000000020C70000-0x0000000020D70000-memory.dmp

Filesize
1024KB

Download
memory/5044-30-0x00007FFE27530000-0x00007FFE27ED1000-memory.dmp

Filesize
9.6MB

Download