Overview

overview

5

Static

static

3

1cab09ca8d...1c.exe

windows7-x64

5

1cab09ca8d...1c.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    5s
  • max time network
    144s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25-12-2023 12:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1cab09ca8dce443e0391ee36c43a6c1c.exe

  • Size

    1.6MB

  • MD5

    1cab09ca8dce443e0391ee36c43a6c1c

  • SHA1

    a6d6697442160e5623fac37bcfd7f1e1d242d3d9

  • SHA256

    444aaf2ad423151a5b1ee03b1d451c1c105dbc8265cef1dabfcf6fb2bb83d47a

  • SHA512

    a3402adf480983a31671ac2fc1988c365b1b9d093132f704e846cf98a4f43fbdbeb59fcdc292bcc0e61f6f820057b97faf8fa0c2735f06649946d1d0d7d18a33

  • SSDEEP

    24576:5KYd9ifgHFI+X7b71ei6Q5MpHPylXLBdGFj4GNysBm6wr9nAK2XRXy4GAmzCwx:hpHFI+XpexQ5CHPCrGJZiURNG9

Score
5/10

Malware Config

Signatures

  • Suspicious use of NtSetInformationThreadHideFromDebugger 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of AdjustPrivilegeToken 21 IoCs
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1cab09ca8dce443e0391ee36c43a6c1c.exe
    "C:\Users\Admin\AppData\Local\Temp\1cab09ca8dce443e0391ee36c43a6c1c.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    PID:3816

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3816-0-0x0000000000400000-0x0000000000717000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/3816-3-0x0000000002520000-0x0000000002521000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3816-2-0x0000000000880000-0x0000000000888000-memory.dmp

    Filesize

    32KB

    Download

  • memory/3816-1-0x0000000000400000-0x0000000000717000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/3816-7-0x000000005F080000-0x000000005F081000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3816-8-0x000000005F070000-0x000000005F071000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3816-6-0x000000005F0B0000-0x000000005F0B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3816-5-0x000000005F0A0000-0x000000005F0A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3816-15-0x0000000000400000-0x0000000000717000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/3816-17-0x0000000002520000-0x0000000002521000-memory.dmp

    Filesize

    4KB

    Download