20276ed50815158e24bbcae4a449c713ea0732f6568f3c9724b8a89c38139c06

Analysis

max time kernel
151s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25/12/2023, 08:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

12bc2a30ac0cb3f3bc92e726f9eeb0f1.exe
Size

352KB
MD5

12bc2a30ac0cb3f3bc92e726f9eeb0f1
SHA1

157a8b1651921f5493d70c5619008dd2b474eb3f
SHA256

20276ed50815158e24bbcae4a449c713ea0732f6568f3c9724b8a89c38139c06
SHA512

1758b5868d9264c0e98fa18367e92818de5b5670222163625ce881f3ba50b297dff463c328fd8c29c21d2237e8c3e43b027e45c4fb9f78075cb489d52f93dd63
SSDEEP

6144:8yErq0yLAFck9JZeYxUXBHpZte8bk4M/TIOj+c7zWjoMWlYhKYue4cJdM+94g+:CG0ahk1eYUBJZt/6xj+4zH4RR4sdMGv+

Score

6^/10

discovery

Malware Config

Signatures

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
5112	12bc2a30ac0cb3f3bc92e726f9eeb0f1.exe
5112	12bc2a30ac0cb3f3bc92e726f9eeb0f1.exe
5112	12bc2a30ac0cb3f3bc92e726f9eeb0f1.exe
5112	12bc2a30ac0cb3f3bc92e726f9eeb0f1.exe
5112	12bc2a30ac0cb3f3bc92e726f9eeb0f1.exe
5112	12bc2a30ac0cb3f3bc92e726f9eeb0f1.exe
5112	12bc2a30ac0cb3f3bc92e726f9eeb0f1.exe
5112	12bc2a30ac0cb3f3bc92e726f9eeb0f1.exe
5112	12bc2a30ac0cb3f3bc92e726f9eeb0f1.exe
5112	12bc2a30ac0cb3f3bc92e726f9eeb0f1.exe
5112	12bc2a30ac0cb3f3bc92e726f9eeb0f1.exe
5112	12bc2a30ac0cb3f3bc92e726f9eeb0f1.exe
5112	12bc2a30ac0cb3f3bc92e726f9eeb0f1.exe
5112	12bc2a30ac0cb3f3bc92e726f9eeb0f1.exe
5112	12bc2a30ac0cb3f3bc92e726f9eeb0f1.exe
5112	12bc2a30ac0cb3f3bc92e726f9eeb0f1.exe
5112	12bc2a30ac0cb3f3bc92e726f9eeb0f1.exe
5112	12bc2a30ac0cb3f3bc92e726f9eeb0f1.exe
5112	12bc2a30ac0cb3f3bc92e726f9eeb0f1.exe
5112	12bc2a30ac0cb3f3bc92e726f9eeb0f1.exe

C:\Users\Admin\AppData\Local\Temp\12bc2a30ac0cb3f3bc92e726f9eeb0f1.exe
"C:\Users\Admin\AppData\Local\Temp\12bc2a30ac0cb3f3bc92e726f9eeb0f1.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:5112

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\mm_A9AE.tmp\log.txt

Filesize
536B

MD5
b86512321569cbbf930aa5837764f838

SHA1
d81c1f565ab5d74f2e4f6145abeb684743a4f622

SHA256
f9ae709f584428b794ac14a2a16edf453fcec4b7fa7603160bd6bacd9e5d8e7b

SHA512
f99457cae8793019b50c8a639e6e0dd043c6ae2767c35ba1cda92b3bd3ad958f01ce842f08b7af3d1559741d4e8b33a322ee7b07f3037d6e78edc617d6e66204

Download Submit
C:\Users\Admin\AppData\Local\Temp\mm_A9AE.tmp\log.txt

Filesize
1KB

MD5
0495ab55893905f9e5dbf19e0dde3ca2

SHA1
f9238d25f6853b827c14b6e0a932bed33a64c5f4

SHA256
7b2c0f7de47bb4ee104241c8d84efed50d74de65a5d322acdddc072da6e1c52c

SHA512
c8f9762a55ebc015972db52f52fd3ce52333c76e40d3b94bf79db495820f2dd3e2cd85f5113abaf5005e65f81f4d81187c84138fa03ac50818703de5565bddee

Download Submit
C:\Users\Admin\AppData\Local\Temp\mm_A9AE.tmp\log.txt

Filesize
1KB

MD5
5545822faca3dc66406a92be5c8a1937

SHA1
686a862129baf1bf743ff448f36e121a4768f144

SHA256
a4638c7a81bc383f2138b6da4c25dd3725f2b17e50dba60b42d8685c9eb62d2c

SHA512
103ded4fe2b7a3ed2c0c93d0c3f9e224fe2ba25d5f3b02099ddaa86b12b21348ccde48f45d7cf0c74e28e47d0ccbf3218ef20588b94ee8a96690db033fe6f293

Download Submit
memory/5112-33-0x0000000020500000-0x0000000020588000-memory.dmp

Filesize
544KB

Download
memory/5112-36-0x0000000020500000-0x0000000020588000-memory.dmp

Filesize
544KB

Download
memory/5112-5-0x000000007FE00000-0x000000007FE01000-memory.dmp

Filesize
4KB

Download
memory/5112-8-0x0000000020500000-0x0000000020588000-memory.dmp

Filesize
544KB

Download
memory/5112-3-0x000000007FE10000-0x000000007FE11000-memory.dmp

Filesize
4KB

Download
memory/5112-22-0x000000007FE40000-0x000000007FE46000-memory.dmp

Filesize
24KB

Download
memory/5112-30-0x0000000020500000-0x0000000020588000-memory.dmp

Filesize
544KB

Download
memory/5112-0-0x000000007FE40000-0x000000007FE46000-memory.dmp

Filesize
24KB

Download
memory/5112-34-0x0000000020500000-0x0000000020588000-memory.dmp

Filesize
544KB

Download
memory/5112-4-0x000000007FE30000-0x000000007FE38000-memory.dmp

Filesize
32KB

Download
memory/5112-42-0x0000000020500000-0x0000000020588000-memory.dmp

Filesize
544KB

Download
memory/5112-43-0x0000000020500000-0x0000000020588000-memory.dmp

Filesize
544KB

Download
memory/5112-47-0x0000000020500000-0x0000000020588000-memory.dmp

Filesize
544KB

Download
memory/5112-2-0x000000007FE20000-0x000000007FE21000-memory.dmp

Filesize
4KB

Download
memory/5112-1-0x000000007FE40000-0x000000007FE46000-memory.dmp

Filesize
24KB

Download
memory/5112-49-0x0000000020500000-0x0000000020588000-memory.dmp

Filesize
544KB

Download
memory/5112-63-0x0000000020500000-0x0000000020588000-memory.dmp

Filesize
544KB

Download
memory/5112-64-0x0000000020500000-0x0000000020588000-memory.dmp

Filesize
544KB

Download