dbc8ba17a3180740aff093f5df93a6e6e9e26a4cc1eea62f41c1cf12b300149f

Analysis

max time kernel
172s
max time network
180s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25/12/2023, 13:20

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2145552f3a6396b1d43b1f113e766015.exe
Size

238KB
MD5

2145552f3a6396b1d43b1f113e766015
SHA1

9d0e2639f23d136bbf383d16a23bcf1835fc83c6
SHA256

dbc8ba17a3180740aff093f5df93a6e6e9e26a4cc1eea62f41c1cf12b300149f
SHA512

47ac74c6c8cae707843613d3f5b124374487423a6935107c197a4d8a3a0dc6d2790e1d124f2c0e912aaae56fca53417fc2f5a75e8028443083c3a8e97665ba97
SSDEEP

6144:bQqHzDcTlSGySfKwMJI/FqxhS6dNDzgMb8beflckTbeu:oSeOI/FqxhSANDzFbyeflvneu

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
4596	chtk.exe
4116	chck.exe

Loads dropped DLL 1 IoCs

pid	Process
2396	2145552f3a6396b1d43b1f113e766015.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4116	chck.exe
4116	chck.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2396 wrote to memory of 4116	2396	2145552f3a6396b1d43b1f113e766015.exe	107
PID 2396 wrote to memory of 4116	2396	2145552f3a6396b1d43b1f113e766015.exe	107
PID 2396 wrote to memory of 4116	2396	2145552f3a6396b1d43b1f113e766015.exe	107

C:\Users\Admin\AppData\Local\Temp\2145552f3a6396b1d43b1f113e766015.exe
"C:\Users\Admin\AppData\Local\Temp\2145552f3a6396b1d43b1f113e766015.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2396
- C:\Users\Admin\AppData\Local\TempChtk\chtk.exe
  C:\Users\Admin\AppData\Local\TempChtk\chtk.exe
  2⤵
  - Executes dropped EXE
  PID:4596
- C:\Users\Admin\AppData\Local\TempChtk\chck.exe
  C:\Users\Admin\AppData\Local\TempChtk\chck.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4116

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\TempChtk\chck.exe

Filesize
212KB

MD5
857aa0012793a5c5b5960b3f8631c48c

SHA1
79c4618fc36e439d3bb95069e2a1773f5681ddd5

SHA256
f5a4a517e68f3a0229dff2c75b68ee8550afdee44fd997845757b4317d314997

SHA512
c235a8d725b50abbcbf8a374c849bf73b74e5a582be04a6c7d8d15beb6c1f0e763e4f95e87423bbf7e7a5e109d588a411bad84e488afbe4d1d160938165a82b5

Download Submit
C:\Users\Admin\AppData\Local\TempChtk\chtk.exe

Filesize
72KB

MD5
55247a906cc02a2bfb66e22c29533f65

SHA1
a6b24a298476318cf9344e9514798ae77b6d550b

SHA256
35501357e52fb7584353af9612db1e08dc2adc7ece4f8947ca7c80279daf8c41

SHA512
9965cff14cc6983df1a42a745432bce902e02bb63780dea1e9d0dce76644152ac8b8c0f11887c9826cc9ba154a58d0feb1eda7d65ecb4fed23c53a8c3d3ad632

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsmD811.tmp\System.dll

Filesize
11KB

MD5
c17103ae9072a06da581dec998343fc1

SHA1
b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

SHA256
dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

SHA512
d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

Download Submit