5b46137113d9c84be43ed744bda2377c5bdeb224a7256f952b11e5df8cfdd6b6

Analysis

max time kernel
4s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25-12-2023 01:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1f4f8dc4c97b864e9da8a09a33c5169a.exe
Size

240KB
MD5

1f4f8dc4c97b864e9da8a09a33c5169a
SHA1

263b8068882663bcdee0833a5e32ea768a393246
SHA256

5b46137113d9c84be43ed744bda2377c5bdeb224a7256f952b11e5df8cfdd6b6
SHA512

ccd2c279a3683b6a36e3fb631609f9ba853454f3abfd81337a0718dd013d65e2658283e3af3a8600737107aeb1bf451ee61106206d7eebef3955b53417fee998
SSDEEP

6144:IUN3dwqsNweTAB0EqxF6snji81RUinKchht/S30:1dQ5JD6k

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4964	1f4f8dc4c97b864e9da8a09a33c5169a.exe

C:\Users\Admin\AppData\Local\Temp\1f4f8dc4c97b864e9da8a09a33c5169a.exe
"C:\Users\Admin\AppData\Local\Temp\1f4f8dc4c97b864e9da8a09a33c5169a.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:4964
- C:\Users\Admin\jeiedu.exe
  "C:\Users\Admin\jeiedu.exe"
  2⤵
  PID:1196

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\jeiedu.exe

Filesize
240KB

MD5
cfe4eb57a9599ffa8621d3fb333903ee

SHA1
416e1d5e4cb2d6adbf976af7c32c7c25dd7bcb10

SHA256
d1f2e2bb906dd22bb141f9fa8bf6d180809e7eea9eeae95747f296f692c6fac3

SHA512
feb42b7ed3a77e08f6e976d55c2089dc738fee08a0db5364d89c191ac818c221de39f2fa2c0217c58c3f7cd3fdb20efdc8e92b7c7ef6a8bf7a378cf4ee340e27

Download Submit
C:\Users\Admin\jeiedu.exe

Filesize
93KB

MD5
e7199b7d8f43063cf6966b92f2635712

SHA1
86d65d0ccfe209b821c28aef5eb750f15640f649

SHA256
bdfe4c6b65eb8dae626752091369f3445c6fe5545632f7baf7cad5b3ed836e14

SHA512
394ad3c361edef73055030e42b6b5da413312ba23fc9f4213872ac0d16f268a03cde11abc7021ab7fbed28a87d847891d1ea497e0c95d5af674bc316a65f6148

Download Submit