e84cac854a439ca9097b29ead5938b3fc4f867dbc7d0c388633db9df0760edcc

Analysis

max time kernel
0s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25-12-2023 08:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0ca817b68a4cf545e013e54fc7a92080.exe
Size

2.4MB
MD5

0ca817b68a4cf545e013e54fc7a92080
SHA1

4d3bd4759fcb91b2b262ef405760a65ef90c7399
SHA256

e84cac854a439ca9097b29ead5938b3fc4f867dbc7d0c388633db9df0760edcc
SHA512

f1c45275560fbd97cdd5fce6dd30cede344be116cdb29fef1cb8af0f4d6bac698309cb256e9ea4481e3fa49f5c2ccc5ea7b28719b487a0bc07eced37a0f1d90d
SSDEEP

49152:ysldGfuxKAltBwkx1MOrttjbV7ZZBZZ331Ruomp5KloYRp:ysHlw4SOHxZBRuoS5TYn

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\0ca817b68a4cf545e013e54fc7a92080.exe
"C:\Users\Admin\AppData\Local\Temp\0ca817b68a4cf545e013e54fc7a92080.exe"
1⤵
PID:3420
- C:\Windows\SysWOW64\control.exe
  "C:\Windows\System32\control.exe" "C:\Users\Admin\AppData\Local\Temp\JRAYPwD9.cPL",
  2⤵
  PID:3620
- - C:\Windows\SysWOW64\rundll32.exe
    "C:\Windows\system32\rundll32.exe" Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\JRAYPwD9.cPL",
    3⤵
    PID:1992
  - - C:\Windows\system32\RunDll32.exe
      C:\Windows\system32\RunDll32.exe Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\JRAYPwD9.cPL",
      4⤵
      PID:2864

C:\Windows\SysWOW64\rundll32.exe
"C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\shell32.dll",#44 "C:\Users\Admin\AppData\Local\Temp\JRAYPwD9.cPL",
1⤵
PID:3340

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\JRAYPwD9.cPL

Filesize
381KB

MD5
902247fbc803dda36cbd83b4ea51a379

SHA1
5248aff7b6b3316a1967e0b00fa3a896adf26bc9

SHA256
f3ed6ebd1d3e383b543d1da9b7f950ee00adba91096488bedaa63dddac82f2b6

SHA512
b24fe1c98546e832947611be3ac5739504651cad7fa12e4ad227d36b9f759694351851e38ae851fd91cb76559542ca8d925bced47135c464a69761e3812ebbe4

Download Submit
C:\Users\Admin\AppData\Local\Temp\jrAYpwD9.cpl

Filesize
1.7MB

MD5
69f8acedccaaea74022ac1e2d49e6f42

SHA1
fff7462f6685af8a634ef71f19bd3240c7d0702d

SHA256
c1f084e3eac78ae9d0c98a256ecdf0d5039b9fa23235804273c563b4a16c0f7c

SHA512
b6da9f01014d2e5400973cb3befe40dd5344e2022f247c06a2856bcf367ba85f6d8c439b23245bc8f3b4334b097992dc086fa62d301bcebfc162541222e1e750

Download Submit
C:\Users\Admin\AppData\Local\Temp\jrAYpwD9.cpl

Filesize
92KB

MD5
4aa378b464c4915f13f6ecfadf4cf01d

SHA1
53470b9d1309787afdd119e3b5edf4fbfd277d18

SHA256
63453b00f2d7fbc478be2efd1a893f6de78b1a709309cdb7d42df170c250cb93

SHA512
1655a2de89935a8117d022b0fd1cf51dd652849750a20038f8ec5408361f248803765202180a729b9ac98905cdc32ea110c8aba22b81503abbb13a1804b9745a

Download Submit
memory/1992-18-0x0000000003090000-0x00000000031AE000-memory.dmp

Filesize
1.1MB

Download
memory/1992-53-0x0000000003A90000-0x0000000003BA9000-memory.dmp

Filesize
1.1MB

Download
memory/1992-15-0x0000000003090000-0x00000000031AE000-memory.dmp

Filesize
1.1MB

Download
memory/1992-12-0x0000000010000000-0x0000000010278000-memory.dmp

Filesize
2.5MB

Download
memory/1992-16-0x0000000003090000-0x00000000031AE000-memory.dmp

Filesize
1.1MB

Download
memory/1992-19-0x0000000010000000-0x0000000010278000-memory.dmp

Filesize
2.5MB

Download
memory/1992-22-0x00000000031B0000-0x0000000003975000-memory.dmp

Filesize
7.8MB

Download
memory/1992-21-0x0000000003090000-0x00000000031AE000-memory.dmp

Filesize
1.1MB

Download
memory/1992-23-0x0000000003980000-0x0000000003A8F000-memory.dmp

Filesize
1.1MB

Download
memory/1992-24-0x0000000003A90000-0x0000000003BA9000-memory.dmp

Filesize
1.1MB

Download
memory/1992-11-0x0000000002870000-0x0000000002876000-memory.dmp

Filesize
24KB

Download
memory/1992-14-0x0000000002F50000-0x000000000308C000-memory.dmp

Filesize
1.2MB

Download
memory/1992-54-0x0000000000900000-0x0000000000912000-memory.dmp

Filesize
72KB

Download
memory/3340-29-0x0000000002A50000-0x0000000002A56000-memory.dmp

Filesize
24KB

Download
memory/3340-36-0x0000000003360000-0x000000000347E000-memory.dmp

Filesize
1.1MB

Download
memory/3340-34-0x0000000003360000-0x000000000347E000-memory.dmp

Filesize
1.1MB

Download
memory/3340-39-0x0000000003360000-0x000000000347E000-memory.dmp

Filesize
1.1MB

Download
memory/3340-41-0x0000000003C50000-0x0000000003D5F000-memory.dmp

Filesize
1.1MB

Download
memory/3340-42-0x0000000003D60000-0x0000000003E79000-memory.dmp

Filesize
1.1MB

Download
memory/3340-45-0x0000000003D60000-0x0000000003E79000-memory.dmp

Filesize
1.1MB

Download
memory/3340-46-0x0000000000E50000-0x0000000000E62000-memory.dmp

Filesize
72KB

Download
memory/3340-47-0x000000007B900000-0x000000007B94A000-memory.dmp

Filesize
296KB

Download
memory/3340-33-0x0000000003360000-0x000000000347E000-memory.dmp

Filesize
1.1MB

Download
memory/3340-32-0x0000000003220000-0x000000000335C000-memory.dmp

Filesize
1.2MB

Download