24d66af48927b26675b3f3e23fd61dbc536ff8ee75428527a5cf8bfad0408677

Analysis

max time kernel
159s
max time network
170s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25-12-2023 22:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

403d71453345b4bdf34e88ed556542b7.exe
Size

322KB
MD5

403d71453345b4bdf34e88ed556542b7
SHA1

8265459775347e711e8afa93e893e0cc74cac8d9
SHA256

24d66af48927b26675b3f3e23fd61dbc536ff8ee75428527a5cf8bfad0408677
SHA512

839d5fdb0da46d40371d71a9d7eb7ca3118662937ceeb07aac2559a5382b831342a8adefbdc0dca8531932674c79144dcecc0e7056109fa68c941d4042e9fab7
SSDEEP

6144:XXPn2EJLWvidxTtopGgKhQfO4Oh8pF7G0S:H+ENWvidxTtlgKhwO4OhOF7G0S

Score

6^/10

Malware Config

Signatures

Maps connected drives based on registry 3 TTPs 2 IoCs

Disk information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\disk\enum	403d71453345b4bdf34e88ed556542b7.exe
Key value enumerated	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum	403d71453345b4bdf34e88ed556542b7.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\Tasks\RadioBoost.job	403d71453345b4bdf34e88ed556542b7.exe

C:\Users\Admin\AppData\Local\Temp\403d71453345b4bdf34e88ed556542b7.exe
"C:\Users\Admin\AppData\Local\Temp\403d71453345b4bdf34e88ed556542b7.exe"
1⤵
- Maps connected drives based on registry
- Drops file in Windows directory
PID:3884

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3884-0-0x0000000001360000-0x0000000001460000-memory.dmp

Filesize
1024KB

Download
memory/3884-2-0x0000000001C80000-0x0000000001CAF000-memory.dmp

Filesize
188KB

Download
memory/3884-9-0x0000000001CF0000-0x0000000001D17000-memory.dmp

Filesize
156KB

Download
memory/3884-23-0x0000000001360000-0x0000000001460000-memory.dmp

Filesize
1024KB

Download