15901381f4c9e5dc1e5bfba9c19eb3f30a7159c69ac2a4efa49f952bec3b57b8

Analysis

max time kernel
183s
max time network
184s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25/12/2023, 17:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

310d8f1911e6357a678995e413cfe777.exe
Size

367KB
MD5

310d8f1911e6357a678995e413cfe777
SHA1

b3b582e3efd5531f3d2bbe2c9e31e2f7912ee50a
SHA256

15901381f4c9e5dc1e5bfba9c19eb3f30a7159c69ac2a4efa49f952bec3b57b8
SHA512

2fd7792c04ed4d3d0d3fb982f42193f45fc1b68c84fe597be593de2054434c93eaa73eb5fa6a0701f4fb713cb4e4a686407d8dee308e0fe247b42a0c62d99a06
SSDEEP

6144:BJcaEGc7fZqUpISwpDD84Y9Y2h1IJggpVNV7+ljmDA4K/Dt4nqcL47acnsGxYu/u:ncahc7fYue3DeO+AV/Li8L

Score

7^/10

Malware Config

Signatures

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\310d8f1911e6357a678995e413cfe777.lnk	310d8f1911e6357a678995e413cfe777.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\310d8f1911e6357a678995e413cfe777.exe
"C:\Users\Admin\AppData\Local\Temp\310d8f1911e6357a678995e413cfe777.exe"
1⤵
- Drops startup file
PID:1692

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1692-0-0x0000000000DA0000-0x0000000000DA1000-memory.dmp

Filesize
4KB

Download
memory/1692-1-0x0000000000DB0000-0x0000000000DB2000-memory.dmp

Filesize
8KB

Download
memory/1692-2-0x0000000000DC0000-0x0000000000DC1000-memory.dmp

Filesize
4KB

Download
memory/1692-3-0x0000000001460000-0x0000000001461000-memory.dmp

Filesize
4KB

Download
memory/1692-4-0x0000000001480000-0x0000000001481000-memory.dmp

Filesize
4KB

Download
memory/1692-16-0x0000000001600000-0x0000000001601000-memory.dmp

Filesize
4KB

Download
memory/1692-24-0x0000000001640000-0x0000000001641000-memory.dmp

Filesize
4KB

Download
memory/1692-23-0x00000000015F0000-0x00000000015F1000-memory.dmp

Filesize
4KB

Download
memory/1692-21-0x00000000014A0000-0x00000000014A1000-memory.dmp

Filesize
4KB

Download
memory/1692-22-0x0000000001510000-0x0000000001512000-memory.dmp

Filesize
8KB

Download
memory/1692-20-0x0000000001650000-0x0000000001651000-memory.dmp

Filesize
4KB

Download
memory/1692-25-0x0000000001660000-0x0000000001661000-memory.dmp

Filesize
4KB

Download
memory/1692-27-0x0000000001670000-0x0000000001671000-memory.dmp

Filesize
4KB

Download
memory/1692-31-0x0000000001680000-0x0000000001681000-memory.dmp

Filesize
4KB

Download
memory/1692-26-0x00000000015B0000-0x00000000015DC000-memory.dmp

Filesize
176KB

Download
memory/1692-19-0x0000000001630000-0x0000000001631000-memory.dmp

Filesize
4KB

Download
memory/1692-18-0x0000000001620000-0x0000000001621000-memory.dmp

Filesize
4KB

Download
memory/1692-17-0x0000000001610000-0x0000000001611000-memory.dmp

Filesize
4KB

Download
memory/1692-15-0x00000000015E0000-0x00000000015E1000-memory.dmp

Filesize
4KB

Download
memory/1692-14-0x00000000015A0000-0x00000000015A1000-memory.dmp

Filesize
4KB

Download
memory/1692-13-0x0000000001590000-0x0000000001591000-memory.dmp

Filesize
4KB

Download
memory/1692-12-0x0000000001580000-0x0000000001581000-memory.dmp

Filesize
4KB

Download
memory/1692-11-0x0000000001570000-0x0000000001571000-memory.dmp

Filesize
4KB

Download
memory/1692-10-0x0000000001560000-0x0000000001561000-memory.dmp

Filesize
4KB

Download
memory/1692-9-0x0000000001540000-0x0000000001541000-memory.dmp

Filesize
4KB

Download
memory/1692-8-0x0000000001530000-0x0000000001531000-memory.dmp

Filesize
4KB

Download
memory/1692-6-0x00000000014B0000-0x00000000014B1000-memory.dmp

Filesize
4KB

Download
memory/1692-7-0x0000000001520000-0x0000000001521000-memory.dmp

Filesize
4KB

Download
memory/1692-5-0x0000000001490000-0x0000000001491000-memory.dmp

Filesize
4KB

Download
memory/1692-38-0x0000000003A60000-0x0000000003A61000-memory.dmp

Filesize
4KB

Download