148601cb960fa8270814120a5fca1717d3fabbcf2463d763366591955174c511

Analysis

max time kernel
147s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25/12/2023, 22:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

40c2d4a919ee1ac254c20cd9753a8a5c.exe
Size

1.6MB
MD5

40c2d4a919ee1ac254c20cd9753a8a5c
SHA1

4d3daecbf78f32904d5766ff820f9fa2875e59cd
SHA256

148601cb960fa8270814120a5fca1717d3fabbcf2463d763366591955174c511
SHA512

00487b40f684a4d8f48f62f093bbf82a7cfad437e56cedf00c24eeec6d5b0614ec63b37450e008d6f9d671fa0a954f663e8f3b10b2698ef1db68b216f814165f
SSDEEP

24576:B2BbEKosPAZ3ZOOKfs6NL0CpszqtPUfRQI5n5PmSGj69bA5rV4Yihe5Cpn3:Obz183QRNLTeqU9PGjebA5rOYiZn3

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4164	40c2d4a919ee1ac254c20cd9753a8a5c.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4164	40c2d4a919ee1ac254c20cd9753a8a5c.tmp
4164	40c2d4a919ee1ac254c20cd9753a8a5c.tmp
4164	40c2d4a919ee1ac254c20cd9753a8a5c.tmp
4164	40c2d4a919ee1ac254c20cd9753a8a5c.tmp

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4584 wrote to memory of 4164	4584	40c2d4a919ee1ac254c20cd9753a8a5c.exe	89
PID 4584 wrote to memory of 4164	4584	40c2d4a919ee1ac254c20cd9753a8a5c.exe	89
PID 4584 wrote to memory of 4164	4584	40c2d4a919ee1ac254c20cd9753a8a5c.exe	89

C:\Users\Admin\AppData\Local\Temp\40c2d4a919ee1ac254c20cd9753a8a5c.exe
"C:\Users\Admin\AppData\Local\Temp\40c2d4a919ee1ac254c20cd9753a8a5c.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4584
- C:\Users\Admin\AppData\Local\Temp\is-90DTR.tmp\40c2d4a919ee1ac254c20cd9753a8a5c.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-90DTR.tmp\40c2d4a919ee1ac254c20cd9753a8a5c.tmp" /SL5="$70154,987588,70144,C:\Users\Admin\AppData\Local\Temp\40c2d4a919ee1ac254c20cd9753a8a5c.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:4164

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-90DTR.tmp\40c2d4a919ee1ac254c20cd9753a8a5c.tmp

Filesize
961KB

MD5
08641bd410ed66154fd5d20c29a68b99

SHA1
55e71ae24302e4cb8bd7514ae285f32578fdca89

SHA256
4b6a40c906444696369a387fd8208c53312586aaf407ddd0898cf67f6645a3be

SHA512
6eb0e1d71700e7323f540671f96e6b6b2e15857a3007b62bc5c67758ec671113eff4d831824da8415a170cf94281f6461b1f492a7f77d881febe8a9d03ed6bca

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-90DTR.tmp\40c2d4a919ee1ac254c20cd9753a8a5c.tmp

Filesize
1.1MB

MD5
f16072dddd60a8b571451546b8b8f836

SHA1
5c9b25dbea7175facb6e0ee0c23c08bada89cf52

SHA256
ebe905ec62a54f5e8a908d4cc43daecb8d6107cfec20854f6150d627aab50111

SHA512
4560b6e49611b26a3167ff582b9db6c2fe65740f2db2405de7d5ee5a2fc3d2418ac265487d0ac4f7979697f4d132d3df52e2489765eb43f22f41c873555dc836

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-MD06L.tmp\setupcfg.ini

Filesize
44B

MD5
0dbc3077a0d7bb3c28e4cdd159b2da77

SHA1
aacebed53126c6728f50b5d17709a0b2f79bc32a

SHA256
0eae13c7a02dfed8f7efd17a8964c21739b6099ddd292302b9cbc7feedfaf1b8

SHA512
eb0e5cdb23919824794d901691d8bd776f7c461acafbf53e02b45a8b4da6969aaa1927f506d1389744dc01c447c246fecfa4264220cca60b7518fbe90083af28

Download Submit
memory/4164-7-0x00000000006E0000-0x00000000006E1000-memory.dmp

Filesize
4KB

Download
memory/4164-44-0x0000000000400000-0x0000000000536000-memory.dmp

Filesize
1.2MB

Download
memory/4164-47-0x00000000006E0000-0x00000000006E1000-memory.dmp

Filesize
4KB

Download
memory/4584-0-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/4584-2-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/4584-43-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download