2815ade77c86bb66d3a085a83d50835cb4881ed1a12d772d2e09be55cab6c8b2

Analysis

max time kernel
148s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25/12/2023, 10:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1790384eaa38f792b0d98f8a13e4666d.exe
Size

420KB
MD5

1790384eaa38f792b0d98f8a13e4666d
SHA1

f0809e0de20c767e988138b0004318ebf923eb92
SHA256

2815ade77c86bb66d3a085a83d50835cb4881ed1a12d772d2e09be55cab6c8b2
SHA512

a100c2180589a172fb30a38963f827270672e784b9e72183438f009a3ce01fbe537055a3e35f91329d7243388d6eb454a17b61d9493ac3ccf4cd39c3b0cb717c
SSDEEP

12288:mwaA3t7VPRw+8cOSQN2jyGFyFjISvfsJJa/oSdF:Zpbw+8cze/jL4U7F

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4464-0-0x0000000000400000-0x0000000000602000-memory.dmp	upx
behavioral2/memory/4464-39-0x0000000000400000-0x0000000000602000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
4464	1790384eaa38f792b0d98f8a13e4666d.exe
4464	1790384eaa38f792b0d98f8a13e4666d.exe
4464	1790384eaa38f792b0d98f8a13e4666d.exe
4464	1790384eaa38f792b0d98f8a13e4666d.exe

C:\Users\Admin\AppData\Local\Temp\1790384eaa38f792b0d98f8a13e4666d.exe
"C:\Users\Admin\AppData\Local\Temp\1790384eaa38f792b0d98f8a13e4666d.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:4464

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\GetRightToGo\1790384eaa38f792b0d98f8a13e4666d.data

Filesize
830B

MD5
b7ebd43558747a70bb584912fff5ab5b

SHA1
9e6e072210965bffb0a8f222b7ac4952de608644

SHA256
5b8b58fef21ff831b2446eb3b9ce3d6010857bfc2b0c4d2c62680efc5e743ba4

SHA512
18b673fc09abb4b22a1f70c72e677d0d8ddeb482a1a1c592c582e4eb5ac0eb6e30299345e28a84a6390b596dfee6170302daea43f44e29191e903e3dd4d21d35

Download Submit
C:\Users\Admin\AppData\Roaming\GetRightToGo\1790384eaa38f792b0d98f8a13e4666d.htm

Filesize
87KB

MD5
2290e78ddaffaa73838e9a67d679cbc7

SHA1
5e2583a2c5bad107c82cab2a495d559e1385ae41

SHA256
ca6005b88259d61bfc9943b1236cd4f6f12833f3134a3c1553545247d95aca2d

SHA512
a2c6ae503b264e30925c685efb6389175138fb809989d5e4c61e62345662c0d7a6e0de57c6a8f883209c7bf613c6be3fb4ca2031876d562271c8b111ad338abc

Download Submit
memory/4464-0-0x0000000000400000-0x0000000000602000-memory.dmp

Filesize
2.0MB

Download
memory/4464-39-0x0000000000400000-0x0000000000602000-memory.dmp

Filesize
2.0MB

Download