0614c41fcc1d77563d0ebedf3a61090a5b2489eea4bba4812eddeea62958189d

Analysis

max time kernel
2s
max time network
148s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 11:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1c5e3fb7273def46096f27d434d4fff9.exe
Size

311KB
MD5

1c5e3fb7273def46096f27d434d4fff9
SHA1

b25b36c573feb3c3dadfbab186c0b87783f66cf1
SHA256

0614c41fcc1d77563d0ebedf3a61090a5b2489eea4bba4812eddeea62958189d
SHA512

5258ddbe6d97d0dd6ac56c6be9233dd39ae92b9211e3688ea64c7ba9f157edd55f83de00b4da7cbd0ab2b2d07c1ec11f3e6bda10f2a5fff0ac67a68b8c9727cf
SSDEEP

3072:Ek6y38qiVy3aWuwpeTgYuAXHs+3xr9hvqBuMnwqCYf6I3HutHKc0Sps96pMFVzDS:Exg8qdPnsXM+3x9CwqCYfDO/W9bpyYq

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
3012	1c5e3fb7273def46096f27d434d4fff9.exe
3012	1c5e3fb7273def46096f27d434d4fff9.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3012	1c5e3fb7273def46096f27d434d4fff9.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
3012	1c5e3fb7273def46096f27d434d4fff9.exe
3012	1c5e3fb7273def46096f27d434d4fff9.exe

C:\Users\Admin\AppData\Local\Temp\1c5e3fb7273def46096f27d434d4fff9.exe
"C:\Users\Admin\AppData\Local\Temp\1c5e3fb7273def46096f27d434d4fff9.exe"
1⤵
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:3012

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3012-2-0x0000000000350000-0x0000000000392000-memory.dmp

Filesize
264KB

Download
memory/3012-4-0x0000000004B90000-0x0000000004BD0000-memory.dmp

Filesize
256KB

Download
memory/3012-3-0x0000000074BC0000-0x00000000752AE000-memory.dmp

Filesize
6.9MB

Download
memory/3012-5-0x0000000004B90000-0x0000000004BD0000-memory.dmp

Filesize
256KB

Download
memory/3012-6-0x0000000004B90000-0x0000000004BD0000-memory.dmp

Filesize
256KB

Download
memory/3012-7-0x0000000004B90000-0x0000000004BD0000-memory.dmp

Filesize
256KB

Download
memory/3012-10-0x000000000A8C0000-0x000000000B066000-memory.dmp

Filesize
7.6MB

Download
memory/3012-18-0x0000000074BC0000-0x00000000752AE000-memory.dmp

Filesize
6.9MB

Download
memory/3012-19-0x0000000004B90000-0x0000000004BD0000-memory.dmp

Filesize
256KB

Download