d5d7e1c5473c7abcd4cda2071fb321f35f592fb289bbb01883454eaea5a64d1d

Analysis

max time kernel
0s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
25/12/2023, 02:52

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

011de0fe873bc52cd4c56b237d4c2045.exe
Size

571KB
MD5

011de0fe873bc52cd4c56b237d4c2045
SHA1

62842529948c7f6c52a63a50524b354f1a1fcf6d
SHA256

d5d7e1c5473c7abcd4cda2071fb321f35f592fb289bbb01883454eaea5a64d1d
SHA512

2c5a28b153f03674d9bacc397b7e4565104cfc341f1496d9828bdeda28a37edc434901f7185ad5cd6eba9e5f427a09cc96f6aabcaec5fc7f95eda058f561ba29
SSDEEP

12288:YctEagGmcl4gBF1BRnI6hAVebOe1qOX+t4O1Krkr7gZRSya/NWrZEvm:ZR+cl7X1BRnI6hmebOe1qMOMrkkSjZe

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\011de0fe873bc52cd4c56b237d4c2045.exe
"C:\Users\Admin\AppData\Local\Temp\011de0fe873bc52cd4c56b237d4c2045.exe"
1⤵
PID:1844
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\batch.bat" "
  2⤵
  PID:936

C:\Users\Admin\AppData\Local\Temp\EXECUTORBYAMMSS1.exe
EXECUTORBYAMMSS1.exe -p02061969 -dC:\Users\Admin\AppData\Local\Temp
1⤵
PID:4608
- C:\Users\Admin\AppData\Local\Temp\EXECUTORBYAMMSS1.exe
  "C:\Users\Admin\AppData\Local\Temp\EXECUTORBYAMMSS1.exe"
  2⤵
  PID:1952

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\EXECUTORBYAMMSS1.exe

Filesize
18KB

MD5
63b282c8cb7c9c0a9d52a43c8f4ca32e

SHA1
a2389b70ac0a004c5726d5af97553ae9c4cacd51

SHA256
d051842b886fec3095db99490a666cd45a7c4ee8580802167d4eb2e35499e9de

SHA512
15661d80973ab43fde67a6d88b1319437f2397164240989e0a1145711ab0c9dfd6b7dcaa596f4c8d16f826147ce5912c07a34a6747f391cd9e0441bc18a4d8d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\EXECUTORBYAMMSS1.exe

Filesize
13KB

MD5
9aa723408b92bcaca2c7c4be70b333f9

SHA1
fd33496217e42dfb975e8142015e6b8a92c71c46

SHA256
ada4211687721464e6a87830e2f418ce84f4db6205b42197d083ec91ac0ee46e

SHA512
9d6a2cd5eb73181b6ca85579e9f80b40bb1c5ca448c9f67757017b92a92ccc085858b28ea5fb1c6fe960e335e99b3faad7d9926334f78854d4fb32e733d83f32

Download Submit
C:\Users\Admin\AppData\Local\Temp\EXECUTORBYAMMSS1.exe

Filesize
22KB

MD5
618cdcf7c09078d23a44b7b8cbca424e

SHA1
0e24decdfff10bd4b11bfd94f4d2ebdf7da30314

SHA256
376356f758e6ab9eb70a007ac2efab0422ef602dd705b7ab95d8a1c2489872e5

SHA512
4c43792c096cf515f0121c31f4549c0ab91d9a0a695af3539640a1d053eb799655ac7bd9c8c5a454c11650284d976e0927ce9cebbf7094e2c03603f7fe8eeef1

Download Submit
C:\Users\Admin\AppData\Local\Temp\batch.bat

Filesize
40B

MD5
b3d4c2729bbf68663609833631c5d8da

SHA1
c49cd084b49e641ff1cc84a705bc0f1f0f59b83a

SHA256
1d6f6c12e1bb88e0adb9ffeafaf2ae8e4224a5f52e570160dd6ed17168934755

SHA512
29b34385665e2308d1581ea9ecc720d311a7aa5081b0cb60a7ca10358c8a1ec4380c1a3bd0dd53bf0ba330443379c8e2e4adfa35f112512c3c9405ea05cb61a9

Download Submit