Analysis

  • max time kernel
    149s
  • max time network
    157s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    25-12-2023 00:55

General

  • Target
    1e8aea1af6e770c692bf2303b3f0db7b.exe
  • Size
    5.8MB
  • MD5
    1e8aea1af6e770c692bf2303b3f0db7b
  • SHA1
    a441001b3fe33b237c68b26d98dc297c9a32d074
  • SHA256
    cad36a5afb84687713404897ed77a96b95d4076b1817161fcd62683323a86eb3
  • SHA512
    86d8e586546a44f65406251f9ac035d062869c302ae094e3e69f5ee4ccf30e83f859557359ba75b4d9424ece8350d0f49049e12b956fa325f2fc531d38c7e369
  • SSDEEP
    49152:bzeo6U+YJJbce5QSb0wtxmH7aCDoD1rTrWvKYgbsT4AvCB7Jcyq/FBGS26iK+V57:bzeoDRJ/WoD1rH1/nlpsuaZXK6Fu

Score
5/10

Malware Config

Signatures

  • Suspicious use of SetThreadContext 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 17 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1e8aea1af6e770c692bf2303b3f0db7b.exe
    "C:\Users\Admin\AppData\Local\Temp\1e8aea1af6e770c692bf2303b3f0db7b.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:2376
    • C:\Users\Admin\AppData\Local\Temp\1e8aea1af6e770c692bf2303b3f0db7b.exe
      "C:\Users\Admin\AppData\Local\Temp\1e8aea1af6e770c692bf2303b3f0db7b.exe" ""
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:1772

Network

MITRE ATT&CK Enterprise v15

Downloads

  • memory/1772-5-0x0000000000400000-0x0000000000885000-memory.dmp (Filesize: 4.5MB)
  • memory/1772-2-0x0000000000400000-0x0000000000885000-memory.dmp (Filesize: 4.5MB)
  • memory/1772-3-0x0000000000400000-0x0000000000885000-memory.dmp (Filesize: 4.5MB)
  • memory/1772-7-0x0000000000400000-0x0000000000885000-memory.dmp (Filesize: 4.5MB)
  • memory/1772-8-0x00000000028E0000-0x00000000028E1000-memory.dmp (Filesize: 4KB)
  • memory/1772-9-0x0000000000400000-0x0000000000885000-memory.dmp (Filesize: 4.5MB)
  • memory/1772-10-0x0000000000400000-0x0000000000885000-memory.dmp (Filesize: 4.5MB)
  • memory/1772-11-0x0000000000400000-0x0000000000885000-memory.dmp (Filesize: 4.5MB)
  • memory/1772-12-0x0000000000400000-0x0000000000885000-memory.dmp (Filesize: 4.5MB)
  • memory/1772-13-0x00000000028E0000-0x00000000028E1000-memory.dmp (Filesize: 4KB)
  • memory/2376-1-0x0000000000400000-0x00000000009CC000-memory.dmp (Filesize: 5.8MB)
  • memory/2376-6-0x0000000000400000-0x00000000009CC000-memory.dmp (Filesize: 5.8MB)
  • memory/2376-0-0x0000000001020000-0x0000000001021000-memory.dmp (Filesize: 4KB)