7681bebff386f18f22554d8e44aca7581e38a9ef6405b84b76eeed34d6f1c267

Analysis

max time kernel
173s
max time network
189s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25/12/2023, 05:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

06afb466fae7e2eb3f60aa8f4e2a44bb.exe
Size

423KB
MD5

06afb466fae7e2eb3f60aa8f4e2a44bb
SHA1

0b30bc05beb8e2121c2f65fa29ab3a2c02183ace
SHA256

7681bebff386f18f22554d8e44aca7581e38a9ef6405b84b76eeed34d6f1c267
SHA512

37d092d464231c55cab229548c20c0196ccb67d9ea8fe8825aa6354ab5a38eb8896d50081b5137ead7840b80e7015ea84191adffc5f39840bdd7c92b66a802b3
SSDEEP

12288:bwaA3t7VPRw+8cOSQN2jyGFyFjISvfsJJa/oSdw:kpbw+8cze/jL4U7w

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4988-0-0x0000000000400000-0x0000000000602000-memory.dmp	upx
behavioral2/memory/4988-42-0x0000000000400000-0x0000000000602000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
4988	06afb466fae7e2eb3f60aa8f4e2a44bb.exe
4988	06afb466fae7e2eb3f60aa8f4e2a44bb.exe
4988	06afb466fae7e2eb3f60aa8f4e2a44bb.exe
4988	06afb466fae7e2eb3f60aa8f4e2a44bb.exe

C:\Users\Admin\AppData\Local\Temp\06afb466fae7e2eb3f60aa8f4e2a44bb.exe
"C:\Users\Admin\AppData\Local\Temp\06afb466fae7e2eb3f60aa8f4e2a44bb.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:4988

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\GetRightToGo\06afb466fae7e2eb3f60aa8f4e2a44bb.data

Filesize
812B

MD5
93657739e2a4ada79d91b04b8fb320bc

SHA1
3d2171c8df163c3f2f719c6d2de9b4db1fa3bc09

SHA256
d4e438844bd4d46a747b82cc3e8dc8d8cae63484e14088cbb6605b807bfe7647

SHA512
24bf3cfd5119a73790a7851a08884a9c7a4dea391efe292e8f984cfe2e0d0a5d8e729e178fb0762156ec750e5b3f3679ecbf170d52ef984818f1a4e56c458f51

Download Submit
memory/4988-0-0x0000000000400000-0x0000000000602000-memory.dmp

Filesize
2.0MB

Download
memory/4988-42-0x0000000000400000-0x0000000000602000-memory.dmp

Filesize
2.0MB

Download