1468cab772699b406a61277e8cd6489c754e45bbab5ce60d1d2a23829292bb7d

Analysis

max time kernel
163s
max time network
175s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25/12/2023, 06:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0af183814f8362e4318b5984a2de00cc.exe
Size

452KB
MD5

0af183814f8362e4318b5984a2de00cc
SHA1

e685094de3823b225acad553df204e29a9600ea4
SHA256

1468cab772699b406a61277e8cd6489c754e45bbab5ce60d1d2a23829292bb7d
SHA512

622c8de66de3185801d0a7d1ffa0a74ac405b11bb215b00fca234c10104933ca1c9370671e107d3cb1bc90c497b658a90120dd54c93ad550a276a4373549b21c
SSDEEP

6144:8IHp7NlBLdotN2juQvvkksxJ/WdXjkN+d1fwLnmNkjUA3yj6JvtyxfLxjSeUrQls:NpTBLYQvvc/kXjODnjUA3V/+6

Score

7^/10

Malware Config

Signatures

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0af183814f8362e4318b5984a2de00cc.lnk	0af183814f8362e4318b5984a2de00cc.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\0af183814f8362e4318b5984a2de00cc.exe
"C:\Users\Admin\AppData\Local\Temp\0af183814f8362e4318b5984a2de00cc.exe"
1⤵
- Drops startup file
PID:2172

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2172-0-0x0000000000BD0000-0x0000000000BD2000-memory.dmp

Filesize
8KB

Download
memory/2172-1-0x0000000000BE0000-0x0000000000BE1000-memory.dmp

Filesize
4KB

Download
memory/2172-2-0x0000000000E60000-0x0000000000E61000-memory.dmp

Filesize
4KB

Download
memory/2172-3-0x0000000001420000-0x0000000001421000-memory.dmp

Filesize
4KB

Download
memory/2172-4-0x0000000001430000-0x0000000001431000-memory.dmp

Filesize
4KB

Download
memory/2172-7-0x0000000001D00000-0x0000000001D26000-memory.dmp

Filesize
152KB

Download
memory/2172-5-0x0000000001440000-0x0000000001441000-memory.dmp

Filesize
4KB

Download
memory/2172-6-0x0000000001C90000-0x0000000001C91000-memory.dmp

Filesize
4KB

Download
memory/2172-9-0x0000000001CA0000-0x0000000001CA1000-memory.dmp

Filesize
4KB

Download
memory/2172-11-0x0000000001CB0000-0x0000000001CB1000-memory.dmp

Filesize
4KB

Download
memory/2172-12-0x0000000001CC0000-0x0000000001CC1000-memory.dmp

Filesize
4KB

Download
memory/2172-15-0x0000000001CE0000-0x0000000001CE1000-memory.dmp

Filesize
4KB

Download
memory/2172-14-0x0000000001CD0000-0x0000000001CD1000-memory.dmp

Filesize
4KB

Download
memory/2172-16-0x0000000001CF0000-0x0000000001CF1000-memory.dmp

Filesize
4KB

Download
memory/2172-17-0x0000000001D30000-0x0000000001D31000-memory.dmp

Filesize
4KB

Download
memory/2172-18-0x0000000001D50000-0x0000000001D51000-memory.dmp

Filesize
4KB

Download
memory/2172-19-0x0000000001D60000-0x0000000001D61000-memory.dmp

Filesize
4KB

Download
memory/2172-20-0x0000000001D70000-0x0000000001D71000-memory.dmp

Filesize
4KB

Download
memory/2172-21-0x0000000001D80000-0x0000000001D81000-memory.dmp

Filesize
4KB

Download
memory/2172-25-0x0000000001D90000-0x0000000001D91000-memory.dmp

Filesize
4KB

Download
memory/2172-26-0x0000000003940000-0x0000000003941000-memory.dmp

Filesize
4KB

Download
memory/2172-27-0x0000000003960000-0x0000000003961000-memory.dmp

Filesize
4KB

Download
memory/2172-28-0x0000000001450000-0x0000000001451000-memory.dmp

Filesize
4KB

Download
memory/2172-29-0x00000000014B0000-0x00000000014B1000-memory.dmp

Filesize
4KB

Download
memory/2172-30-0x00000000014A0000-0x00000000014A2000-memory.dmp

Filesize
8KB

Download
memory/2172-31-0x0000000001D40000-0x0000000001D41000-memory.dmp

Filesize
4KB

Download
memory/2172-32-0x0000000001DA0000-0x0000000001DA1000-memory.dmp

Filesize
4KB

Download
memory/2172-33-0x0000000003950000-0x0000000003951000-memory.dmp

Filesize
4KB

Download
memory/2172-34-0x0000000003CC0000-0x0000000003CC1000-memory.dmp

Filesize
4KB

Download